Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis

Octeau, Damien; Jha, Somesh; Dering, Matthew L.; McDaniel, Patrick; Bartel, Alexandre; Li, Li; Klein, Jacques; Traon, Yves Le

doi:10.1145/2837614.2837661

Cited by 75 publications

(46 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are even a number of well know tools such as Soot [23] and dex2jar which allow the translation of Android app bytecode into Java. c) Java reflection, as already pointed out in several works, remains challenging for static analysis [24], [25]. All data in this study on the adoption of inacessible APIs by market apps are extracted from the detection of reflective calls using constant string analysis.…”

Section: What All This Meansmentioning

confidence: 99%

Accessing Inaccessible Android APIs: An Empirical Study

Bissyandé

Traon

et al. 2016

2016 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Abstract-As Android becomes a de-facto choice of development platform for mobile apps, developers extensively leverage its accompanying Software Development Kit to quickly build their apps. This SDK comes with a set of APIs which developers may find limited in comparison to what system apps can do or what framework developers are preparing to harness capabilities of new generation devices. Thus, developers may attempt to explore in advance the normally "inaccessible" APIs for building unique API-based functionality in their app.The Android programming model is unique in its kind. Inaccessible APIs, which however are used by developers, constitute yet another specificity of Android development, and is worth investigating to understand what they are, how they evolve over time, and who uses them. To that end, in this work, we empirically investigate 17 important releases of the Android framework source code base, and we find that inaccessible APIs are commonly implemented in the Android framework, which are further neither forward nor backward compatible. Moreover, a small set of inaccessible APIs can eventually become publicly accessible, while most of them are removed during the evolution, resulting in risks for such apps that have leveraged inaccessible APIs. Finally, we show that inaccessible APIs are indeed accessed by third-party apps, and the official Google Play store has tolerated the proliferation of apps leveraging inaccessible API methods.

show abstract

Section: What All This Meansmentioning

confidence: 99%

Accessing Inaccessible Android APIs: An Empirical Study

Bissyandé

Traon

et al. 2016

2016 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Besides, the conservative setting, where a string is represented by a regular expression ("*") if COAL cannot statically infer its value, which could be taken as everything and thus may also introduce false positives. Applying a probabilistic model could potentially mitigate this threat [37]. Another threat is related to Dynamic Class Loading.…”

Section: Threats To Validitymentioning

confidence: 99%

DroidRA: taming reflection to support whole-program analysis of Android apps

Bissyandé

Octeau

et al. 2016

Proceedings of the 25th International Symposium on Software Testing and Analysis

Self Cite

130

View full text Add to dashboard Cite

Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentationbased approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.

show abstract

“…Then, an ICC method startActivity is called, which switches the current execution from Activity1 to Activity2. Finally, in Activity2, the device id is retrieved and is eventually sent out of the device through sendTextMessage (lines [15][16][17] This privacy leak cannot be detected by intra-component analyzers such as FlowDroid [10], because the switching between Activity1 and Activity2 is unfortunately decided only by the system and it is non-trivial to obtain it directly at the code level [11], [12]. Therefore, in this work we present IccTA, a code instrumentation based approach, which modifies the code to be analyzed in a way that inter-component feature is mitigated.…”

Section: A Code Analysismentioning

confidence: 99%

Mining AndroZoo: A Retrospect

2017

2017 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Abstract-This paper presents a retrospect of an Android app collection named AndroZoo and some research works conducted on top of the collection. AndroZoo is a growing collection of Android apps from various markets including the official Google Play. At the moment, over five million Android apps have been collected. Based on AndroZoo, we have explored several directions that mine Android apps for resolving various challenges. In this work, we summarize those resolved mining challenges in three research dimensions, including code analysis, app evolution analysis, malware analysis, and present in each dimension several case studies that experimentally demonstrate the usefulness of AndroZoo.

show abstract

Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis

Cited by 75 publications

References 41 publications

Accessing Inaccessible Android APIs: An Empirical Study

Accessing Inaccessible Android APIs: An Empirical Study

DroidRA: taming reflection to support whole-program analysis of Android apps

Mining AndroZoo: A Retrospect

Contact Info

Product

Resources

About