Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution paths. However, they depend on specific Android versions and modified devices, reducing their usability and applicability. In addition, they require app exercise every time running the taint analysis. This paper presents a new dynamic taint tracker called T-Recs, tracking information flows by recording and reconstructing the app execution. First, before the taint analysis, the app's runtime data are obtained by instrumenting logging code into the app's bytecode and running the app to be independent of specific Android versions and devices. Then, T-Recs performs the taint analysis accurately with the logged data and separately from the app exercise. This paper is an extended version of our work published. Previously, T-Recs' accuracy was mainly evaluated in privacy leak detection. The results show that T-Recs outperforms compared analyzers, which are FlowDroid (w/ and w/o IC3), Amandroid, DroidSafe, and TaintDroid (w/ and w/o IntelliDroid). This paper also involves DroidRA and IccTA. This paper shows that T-Recs detects ICC-and reflection-related leaks missed by FlowDroid in popular Google Play apps. The other static analyzers fail to analyze most of the apps. These experiments also indicate an advantage of T-Recs: its users can re-execute T-Recs' taint analysis without re-exercising the app. T-Recs' app-runtime overhead and parallel execution performance were also evaluated, and the results are acceptable.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.