When a user downloads an Android application from a market, she does not know much about its actual behavior. A brief description, a set of screenshots, and the list of permissions, which give a high level intuition of what the application might be doing, are all the user sees before installing and running the application on his device. These elements are not enough to decide whether the application is secure, and for sure they do not indicate whether it might violate the user's privacy by leaking some sensitive data.The goal of my thesis is to employ both static and dynamic taint analyses to gather information on how Android applications use sensitive data. The main hypothesis of this work is that malicious and benign mobile applications differ in how they use sensitive data, and consequently information flow can be used effectively to identify malware.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.