993 research outputs found
I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
Android applications may leak privacy data carelessly or maliciously. In this
work we perform inter-component data-flow analysis to detect privacy leaks
between components of Android applications. Unlike all current approaches, our
tool, called IccTA, propagates the context between the components, which
improves the precision of the analysis. IccTA outperforms all other available
tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our
approach detects 147 inter-component based privacy leaks in 14 applications in
a set of 3000 real-world applications with a precision of 88.4%. With the help
of ApkCombiner, our approach is able to detect inter-app based privacy leaks
IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications
Android apps cooperate through message passing via intents. However, when
apps do not have identical sets of privileges inter-app communication (IAC) can
accidentally or maliciously be misused, e.g., to leak sensitive information
contrary to users expectations. Recent research considered static program
analysis to detect dangerous data leaks due to inter-component communication
(ICC) or IAC, but suffers from shortcomings with respect to precision,
soundness, and scalability. To solve these issues we propose a novel approach
for static ICC/IAC analysis. We perform a fixed-point iteration of ICC/IAC
summary information to precisely resolve intent communication with more than
two apps involved. We integrate these results with information flows generated
by a baseline (i.e. not considering intents) information flow analysis, and
resolve if sensitive data is flowing (transitively) through components/apps in
order to be ultimately leaked. Our main contribution is the first fully
automatic sound and precise ICC/IAC information flow analysis that is scalable
for realistic apps due to modularity, avoiding combinatorial explosion: Our
approach determines communicating apps using short summaries rather than
inlining intent calls, which often requires simultaneously analyzing all tuples
of apps. We evaluated our tool IIFA in terms of scalability, precision, and
recall. Using benchmarks we establish that precision and recall of our
algorithm are considerably better than prominent state-of-the-art analyses for
IAC. But foremost, applied to the 90 most popular applications from the Google
Playstore, IIFA demonstrated its scalability to a large corpus of real-world
apps. IIFA reports 62 problematic ICC-/IAC-related information flows via two or
more apps/components
Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation
We present Anadroid, a static malware analysis framework for Android apps.
Anadroid exploits two techniques to soundly raise precision: (1) it uses a
pushdown system to precisely model dynamically dispatched interprocedural and
exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to
soundly approximate all possible interleavings of asynchronous entry points in
Android applications. (It also integrates static taint-flow analysis and least
permissions analysis to expand the class of malicious behaviors which it can
catch.) Anadroid provides rich user interface support for human analysts which
must ultimately rule on the "maliciousness" of a behavior.
To demonstrate the effectiveness of Anadroid's malware analysis, we had teams
of analysts analyze a challenge suite of 52 Android applications released as
part of the Auto- mated Program Analysis for Cybersecurity (APAC) DARPA
program. The first team analyzed the apps using a ver- sion of Anadroid that
uses traditional (finite-state-machine-based) control-flow-analysis found in
existing malware analysis tools; the second team analyzed the apps using a
version of Anadroid that uses our enhanced pushdown-based
control-flow-analysis. We measured machine analysis time, human analyst time,
and their accuracy in flagging malicious applications. With pushdown analysis,
we found statistically significant (p < 0.05) decreases in time: from 85
minutes per app to 35 minutes per app in human plus machine analysis time; and
statistically significant (p < 0.05) increases in accuracy with the
pushdown-driven analyzer: from 71% correct identification to 95% correct
identification.Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in
SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201
MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs
Smartphones, the devices we carry everywhere with us, are being heavily
tracked and have undoubtedly become a major threat to our privacy. As "tracking
the trackers" has become a necessity, various static and dynamic analysis tools
have been developed in the past. However, today, we still lack suitable tools
to detect, measure and compare the ongoing tracking across mobile OSs. To this
end, we propose MobileAppScrutinator, based on a simple yet efficient dynamic
analysis approach, that works on both Android and iOS (the two most popular OSs
today). To demonstrate the current trend in tracking, we select 140 most
representative Apps available on both Android and iOS AppStores and test them
with MobileAppScrutinator. In fact, choosing the same set of apps on both
Android and iOS also enables us to compare the ongoing tracking on these two
OSs. Finally, we also discuss the effectiveness of privacy safeguards available
on Android and iOS. We show that neither Android nor iOS privacy safeguards in
their present state are completely satisfying
Detection of illegal control flow in Android System: Protecting private data used by Smartphone Apps
International audienceToday, security is a requirement for smartphone operating systems that are used to store and handle sensitive information. How- ever, smartphone users usually download third-party applications that can leak personal data without user authorization. For this reason, the dynamic taint analysis mechanism is used to control the manipulation of private data by third-party apps [9]. But this technique does not detect control flows. In particular, untrusted applications can circumvent An- droid system and get privacy sensitive information through control flows. In this paper, we propose a hybrid approach that combines static and dynamic analysis to propagate taint along control dependencies in An- droid system. To evaluate the effectiveness of our approach, we analyse 27 free Android applications. We found that 14 of these applications use control flows to transfer sensitive data. We successfully detect that 8 of them leaked private information. Our approach creates 19% performance overhead that is due to the propagation of taint in the control flow. By using our approach, it becomes possible to detect leakage of personal data through control flows
Program analysis for anomaly detection
When interacting with mobile applications, users may not always get what they expect. For instance, when users download Android applications from a market, they do not know much about their actual behavior. A brief description, a set of screenshots and a list of permissions, which give a high level intuition of what applications might be doing, form user expectations. However applications do not always meet them. For example, a gaming application intentionally could send SMS messages to a premium number in a background without a userâs knowledge. A less harmful scenario would be a wrong message confirming a successful action that was never executed. Whatever the behavior of a mobile application might (app) be, in order to test and fully understand it, there needs to be a technique that can analyse the User Interface (UI) of the app and the code associated with it as the whole. This thesis presents a static analysis framework called SAFAND that given an ANDROID app performs the following analysis: - gathers information on how the application uses sensitive data; - identifies and analyses UI elements of the application; - binds UI elements with their corresponding behavior. The thesis illustrates how results obtained from the framework can be used to identify problems ranging from small usability issues to malicious behavior of real-world applications.Bei der Interaktion mit mobilen Anwendungen erhalten Benutzer möglicherweise nicht immer das, was sie erwarten. Wenn Benutzer beispielsweise Android- Anwendungen von einem Marktplatz herunterladen, wissen sie nicht viel ĂŒber das tatsĂ€chliche Verhalten dieser Anwendungen. Eine kurze Beschreibung, eine Reihe von Screenshots und eine Liste von Berechtigungen, die eine umfassende Vorstellung davon geben sollen, welche Anwendungen möglicherweise ausgefĂŒhrt werden können, bilden die Erwartungen der Benutzer. Die Anwendungen entsprechen diesen Erwartungen aber nicht immer. Zum Beispiel könnte ein Spiel ohne Wissen des Benutzers im Hintergrund absichtlich SMS-Nachrichten an eine Premium-Nummer senden. Ein weniger schĂ€dliches Szenario wĂ€re eine falsche Meldung, welche eine erfolgreiche Aktion bestĂ€tigt, die jedoch niemals durchgefĂŒhrt wurde. UnabhĂ€ngig vom Verhalten einer mobilen Anwendung (App) muss eine Technik vorhanden sein, die die BenutzeroberflĂ€che (User Interface, UI) der App und des damit verbundenen Codes testet und als Ganzes versteht. In dieser Arbeit wird ein statisches Analyseframework namens SAFAND2 vorgestellt, bei dem eine ANDROID-App die folgende Analyse durchfĂŒhrt: * sammelt Informationen darĂŒber, wie die Anwendung sensible Daten verwendet; * identifiziert und analysiert UI-Elemente der Anwendung; * verbindet UI-Elemente mit ihrem entsprechenden Verhalten. Die Arbeit zeigt, wie Probleme, von kleinen Usability-Problemen bis hin zu böswilligem Verhalten realer Anwendungen, mit den Ergebnissen des Frameworks identifiziert werden können. 2SAFAND = Static Analysis For Anomaly Detectio
- âŠ