Ghera: A Repository of Android App Vulnerability Benchmarks

Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android platform due to openness and ubiquitousness of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera.Comment: 10 pages. Accepted at PROMISE'1

I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks

Reflection-Aware Static Analysis of Android Apps

We demonstrate the benefits of DroidRA, a tool for taming reflection in Android apps. DroidRA first statically extracts reflection-related object values from a given Android app. Then, it leverages the extracted values to boost the app in a way that reflective calls are no longer a challenge for existing static analyzers. This is achieved through a bytecode instrumentation approach, where reflective calls are supplemented with explicit traditional Java method calls which can be followed by state-of-the-art analyzers which do not handle reflection. Instrumented apps can thus be completely analyzed by existing static analyzers, which are no longer required to be modified to support reflection-aware analysis. The video demo of DroidRA can be found at https://youtu.be/-HW0V68aAW

ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code

DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps

Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentation-based approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results

Sensitive and Personal Data: What Exactly Are You Talking About?

Mobile devices are pervasively used for a variety of tasks, including the processing of sensitive data in mobile apps. While in most cases access to this data is legitimate, malware often targets sensitive data and even benign apps collect more data than necessary for their task. Therefore, researchers have proposed several frameworks to detect and track the use of sensitive data in apps, so as to disclose and prevent unauthorized access and data leakage. Unfortunately, a review of the literature reveals a lack of consensus on what sensitive data is in the context of technical frameworks like Android. Authors either provide an intuitive definition or an ad-hoc definition, derive their definition from the Android permission model, or rely on previous research papers which do or do not give a definition of sensitive data. In this paper, we provide an overview of existing definitions of sensitive data in literature and legal frameworks. We further provide a sound definition of sensitive data derived from the definition of personal data of several legal frameworks. To help the scientific community further advance in this field, we publicly provide a list of sensitive sources from the Android framework, thus starting a community project leading to a complete list of sensitive API methods across different frameworks and programming languages

Extension of the Chiral Perturbation Theory Meson Lagrangian to Order P6P^6

We have derived the most general chirally invariant Lagrangian ${\cal L}_6$ for the meson sector at order $p^6$. The result provides an extension of the standard Gasser-Leutwyler Lagrangian ${\cal L}_4$ to one higher order, including as well all the odd intrinsic parity terms in the Lagrangian. The most difficult part of the derivation was developing a systematic strategy so as to get all of the independent terms and eliminate the redundant ones in an efficient way. The 'equation of motion' terms, which are redundant in the sense that they can be transformed away via field transformations, are separated out explicitly. The resulting Lagrangian has been separated into groupings of terms contributing to increasingly more complicated processes, so that one does not have to deal with the full result when calculating $p^6$ contributions to simple processes.Comment: 59 pages in LaTex, using RevTex macro, TRIUMF preprint TRI-PP-94-6

Negative Results of Fusing Code and Documentation for Learning to Accurately Identify Sensitive Source and Sink Methods An Application to the Android Framework for Data Leak Detection

Almost two-thirds of the population owns a mobile phone. Given that there is a profusion of mobile applications that manipulate all sorts of data, privacy-related concerns arise more and more. New regulations such as the General Data Protection Regulation (GDPR) provide rules for which developers must comply when their apps process sensitive and/or private data. Ensuring that no such data is leaked without the consent of the user is a primary objective in each GDPR compliance check. Researchers have proposed sophisticated approaches to track sensitive data within mobile apps, all of which rely on specific lists of sensitive source and sink methods. The data flow analysis results greatly depend on these lists' quality. Previous approaches either used incomplete hand-written lists and quickly became outdated or relied on machine learning. The latter, however, leads to numerous false positives, as we show. This paper introduces CoDoC that aims to revive the machine-learning approach to precisely identify the privacy-related source and sink API methods. In contrast to previous approaches, CoDoC uses deep learning techniques and combines the source code with the documentation of API methods. Firstly, we propose novel definitions that clarify the concepts of taint analysis, source, and sink methods. Secondly, based on these definitions, we build a new ground truth of Android methods representing sensitive source, sink, and neither methods that will be used to train our classifier. We evaluate CoDoC and show that, on our validation dataset, it achieves a precision, recall, and F1 score of 91%, outperforming the state-of-the-art SuSi. However, similarly to existing tools, we show that in the wild, i.e., with unseen data, CoDoC performs poorly and generates many false-positive results. Our findings suggest that machine-learning models for abstract concepts such as privacy fail in practice despite good lab results. To encourage future research, we release all our artifacts to the community

Molecular Epidemiology of Foot-and-Mouth Disease Virus in the Context of Transboundary Animal Movement in the Far North Region of Cameroon

Transboundary movement of animals is an important mechanism for foot-and-mouth disease virus (FMDV) spread in endemic regions, such as Cameroon. Several transboundary animal trade routes cross the Far North Region of Cameroon, and cattle moved on foot along these routes often come in contact with native (sedentary and transhumant) herds. The purpose of this study was to investigate the role of transboundary trade cattle in the epidemiology of FMDV in the Far North Region of Cameroon. A total of 582 oropharyngeal fluid (OPF) samples were collected from asymptomatic transboundary trade cattle at official border check points and 57 vesicle epithelial tissues were collected from clinically affected native cattle in the Far North Region of Cameroon during 2010–2014. Viral protein 1 (VP1) coding sequences were obtained from 6 OPF samples from transboundary cattle (4 serotype O, 2 serotype SAT2) and 19 epithelial tissue samples from native cattle (7 serotype O, 3 serotype SAT2, 9 serotype A). FMDV serotype O viruses belonged to two topotypes (East Africa-3 and West Africa), and phylogenetic analyses suggested a pattern of continuous transmission in the region. Serotype SAT2 viruses belonged to a single topotype (VII), and phylogenetic analysis suggested a pattern of repeated introductions of different SAT2 lineages in the region. Serotype A viruses belonged to topotype AFRICA/G-IV, and the pattern of transmission was unclear. Spearman rank correlation analysis of VP1 coding sequences obtained in this study from transboundary and native cattle showed a positive correlation between genetic distance and time for serotype O (ρ = 0.71, p = 0.003) and between genetic distance and geographic distance for serotype SAT2 (ρ = 0.54, p = 0.1). These data suggest that transboundary trade cattle participate in the transmission of FMDV in the Far North Region of Cameroon, however the dynamics and direction of transmission could not be determined in this study. Results of this study contribute to the understanding of transboundary FMDV epidemiology in Central Africa and will help to inform control programs in Cameroon and in the region