COVERT: Compositional Analysis of Android Inter-App Permission Leakage

Bagheri, Hamid; Sadeghi, Alireza; Garcia, Joshua; Malek, Sam

doi:10.1109/tse.2015.2419611

Cited by 105 publications

(73 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Actually, this di↵erence makes these two approaches complementary to one another: type checking is good at explaining why a program was accepted while model checking is good at explaining why a program was rejected [123]. As an example, COVERT [75] first extracts relevant security specifications from a given app and then applies a formal model checking engine to verify whether the analyzed app is safe or not. For type checking, Cassandra [92] is presented to enable users of mobile devices to check whether Android apps comply with their personal privacy requirements even before installing these apps.…”

Section: Fundamental Analysis Methodsmentioning

confidence: 99%

Static analysis of android apps: A systematic literature review

Bissyand

Papadakis

et al. 2017

Information and Software Technology

250

176

View full text Add to dashboard Cite

Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps.Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put and enumerate the key aspects where future researches are still needed.Method: We have performed a systematic literature review which involves studying around 90 research papers published in software engineering, programming languages and security venues. This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed.Results: Our in-depth examination have led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available.Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.

show abstract

Section: Fundamental Analysis Methodsmentioning

confidence: 99%

Static analysis of android apps: A systematic literature review

Bissyand

Papadakis

et al. 2017

Information and Software Technology

250

176

View full text Add to dashboard Cite

show abstract

“…In addition, users may have different concerns about the different privacy-levels of permissions. Information may be misused not only by the developers of those apps but also by the developers of other apps through an inter-app function-call approach [4].…”

Section: Introductionmentioning

confidence: 99%

The Impact s of Requested Permission on Mobile App Adoption: The Insights Based on an Experiment in Taiwan

Lai¹,

Hsu²,

Wu³

2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…The master thesis [32] provides an analysis of covert channels on mobile devices. COVERT [33] is a tool for compositional analysing interapp vulnerabilities. TaintDroid [34], an information-flow tracking system, provides a real time analysis by leveraging Android's virtualized execution environment.…”

Section: Detecting Malicious Inter-app Communicationmentioning

confidence: 99%

Towards a threat assessment framework for apps collusion

2017

View full text Add to dashboard Cite

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel Security TM .

show abstract

COVERT: Compositional Analysis of Android Inter-App Permission Leakage

Cited by 105 publications

References 17 publications

Static analysis of android apps: A systematic literature review

Static analysis of android apps: A systematic literature review

The Impact s of Requested Permission on Mobile App Adoption: The Insights Based on an Experiment in Taiwan

Towards a threat assessment framework for apps collusion

Contact Info

Product

Resources

About