B-droid: A Static Taint Analysis Framework for Android Applications

Abstract: Android is currently the most popular smartphone operating system in use, with its success attributed to the large number of applications available from the Google Play Store. However, these contain issues relating to the storage of the user's sensitive data, including contacts, location, and the phone's unique identifier (IMEI). Use of these applications therefore risks exfiltration of this data, including unauthorized tracking of users' behavior and violation of their privacy. Sensitive data leaks are curren… Show more

“…Static taint analysis techniques rely on the possible presence of contaminated data streams in the target object, mainly for weblike applications [1] [2] and Android [3][4] applications, as both target objects are characterised by a large number of user interactions, a large number of risk points brought about by complex components and the availability of part or all of the source code. The detection of Web-based applications is mainly for their scripting languages, such as PHP [5] and JavaScript [6]; the detection of Android applications aims at protect whether sensitive information [7] such as user privacy is stolen, for example, B-Droid [8] uses static taint analysis combined with fuzzy testing to IOP Publishing doi:10.1088/1742-6596/2258/1/012069 2 detect privacy leaks by analysing the tested application's behaviour to detect privacy leaks, which can effectively detect the five most popular types of commercial spyware in the market.…”

CSChecker : A binary taint-based vulnerability detection method based on static taint analysis

“…Static taint analysis techniques rely on the possible presence of contaminated data streams in the target object, mainly for weblike applications [1] [2] and Android [3][4] applications, as both target objects are characterised by a large number of user interactions, a large number of risk points brought about by complex components and the availability of part or all of the source code. The detection of Web-based applications is mainly for their scripting languages, such as PHP [5] and JavaScript [6]; the detection of Android applications aims at protect whether sensitive information [7] such as user privacy is stolen, for example, B-Droid [8] uses static taint analysis combined with fuzzy testing to IOP Publishing doi:10.1088/1742-6596/2258/1/012069 2 detect privacy leaks by analysing the tested application's behaviour to detect privacy leaks, which can effectively detect the five most popular types of commercial spyware in the market.…”

CSChecker : A binary taint-based vulnerability detection method based on static taint analysis

TaintSE: Dynamic Taint Analysis Combined with Symbolic Execution and Constraint Association

A vulnerability detection method based on sparse value flow graphs