A framework for static detection of privacy leaks in android applications

Mann, Christopher; Starostin, Artem

doi:10.1145/2245276.2232009

Cited by 80 publications

(51 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Multiple prior works use static analysis to detect intracomponent privacy leaks in Android apps [7], [22], [26], [35], [47]. AndroidLeaks [22] and LeakMiner [47] state the ability to handle the Android lifecycle including callback methods, but the two tools are not context-sensitive which precludes the precise analysis of many practical scenarios.…”

Section: Related Workmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

393

360

View full text Add to dashboard Cite

Abstract-Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components.Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting intercomponent detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.

show abstract

Section: Related Workmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

393

360

View full text Add to dashboard Cite

show abstract

“…In [8], Batyuk et al proposed using static analysis for identifying security and privacy threats. AndroidLeaks [9], SCANDAL [10], and the approach presented in [11] are frameworks that detect privacy information leakage based on static analysis. Furthermore, in [12], the Android Application Sandbox (AAS) is proposed by Blasing et al AAS uses both static and dynamic analysis, where the static analysis part is based on matching 5 different patterns from decompiled code.…”

Section: Related Workmentioning

confidence: 99%

High accuracy android malware detection using ensemble learning

Yerima

Sezer

Muttik³

2015

IET Information Security

158

View full text Add to dashboard Cite

Abstract-With over 50 billion downloads and more than 1.3 million apps in Google's official market, Android has continued to gain popularity amongst smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus this paper proposes an approach that utilizes ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor.Experimental results and analysis presented shows that the proposed method which uses a large feature space to leverage the power of ensemble learning is capable of 97.3 % to 99% detection accuracy with very low false positive rates.

show abstract

“…In this section we assess to what extent current static [2]- [7], [9], [12], [13] and dynamic [14], [15] code analysis approaches could benefit from our categorized sources/sinks list. As our results show, SUSI finds all the sources and sinks these previous approaches mention, plus many others which the community was previously unaware of, including some of which are actually being used by malware.…”

Section: E Rq5: Existing Lists Of Sources and Sinksmentioning

confidence: 99%

“…As our results show, SUSI finds all the sources and sinks these previous approaches mention, plus many others which the community was previously unaware of, including some of which are actually being used by malware. Most of the code-analysis tools were not publicly available, precluding one from directly comparing their source and sink lists to SUSI's [2], [3], [6], [7], [9], [15]. For those approaches we thus estimated the lists from their research papers.…”

Section: E Rq5: Existing Lists Of Sources and Sinksmentioning

confidence: 99%

A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

Rasthofer¹,

Arzt²,

Bodden³

2014

Proceedings 2014 Network and Distributed System Security Symposium

259

154

View full text Add to dashboard Cite

Abstract-Today's smartphone users face a security dilemma: many apps they install operate on privacy-sensitive data, although they might originate from developers whose trustworthiness is hard to judge. Researchers have addressed the problem with more and more sophisticated static and dynamic analysis tools as an aid to assess how apps use private user data. Those tools, however, rely on the manual configuration of lists of sources of sensitive data as well as sinks which might leak data to untrusted observers. Such lists are hard to come by.We thus propose SUSI, a novel machine-learning guided approach for identifying sources and sinks directly from the code of any Android API. Given a training set of hand-annotated sources and sinks, SUSI identifies other sources and sinks in the entire API. To provide more fine-grained information, SUSI further categorizes the sources (e.g., unique identifier, location information, etc.) and sinks (e.g., network, file, etc.).For Android 4.2, SUSI identifies hundreds of sources and sinks with over 92% accuracy, many of which are missed by current information-flow tracking tools. An evaluation of about 11,000 malware samples confirms that many of these sources and sinks are indeed used. We furthermore show that SUSI can reliably classify sources and sinks even in new, previously unseen Android versions and components like Google Glass or the Chromecast API.

show abstract

A framework for static detection of privacy leaks in android applications

Cited by 80 publications

References 11 publications

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

High accuracy android malware detection using ensemble learning

A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

Contact Info

Product

Resources

About