DroidRA: taming reflection to support whole-program analysis of Android apps

Li, Li; Bissyandé, Tegawendé F.; Octeau, Damien; Klein, Jacques

doi:10.1145/2931037.2931044

Cited by 130 publications

(96 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We found 185 (19%) piggybacked apps whose riders dynamically load code. Such schemes are often used by malware writers to break the control-flow of app, and thus challenge static detection of suspicious behaviour [30], [31]. Fig.…”

Section: F16mentioning

confidence: 99%

Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting

Bissyandé

et al. 2017

IEEE Trans.Inform.Forensic Secur.

Self Cite

143

119

View full text Add to dashboard Cite

Abstract-The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread to a large user base. Although recent research has produced approaches and tools to identify piggybacked apps, the literature lacks a comprehensive investigation into such phenomenon. We fill this gap by 1) systematically building a large set of piggybacked and benign apps pairs, which we release to the community, 2) empirically studying the characteristics of malicious piggybacked apps in comparison with their benign counterparts, and 3) providing insights on piggybacking processes. Among several findings providing insights analysis techniques should build upon to improve the overall detection and classification accuracy of piggybacked apps, we show that piggybacking operations not only concern app code, but also extensively manipulates app resource files, largely contradicting common beliefs. We also find that piggybacking is done with little sophistication, in many cases automatically, and often via library code.

show abstract

Section: F16mentioning

confidence: 99%

Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting

Bissyandé

et al. 2017

IEEE Trans.Inform.Forensic Secur.

Self Cite

143

119

View full text Add to dashboard Cite

show abstract

“…DroidRA [76] models the use of reflection with COAL [77] and reduces the resolution of reflective calls to a composite constant propagation problem.…”

Section: Related Workmentioning

confidence: 99%

Challenges for Static Analysis of Java Reflection - Literature Review and Empirical Study

Landman

Serebrenik

Vinju

2017

2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)

View full text Add to dashboard Cite

Abstract-The behavior of software that uses the Java Reflection API is fundamentally hard to predict by analyzing code. Only recent static analysis approaches can resolve reflection under unsound yet pragmatic assumptions. We survey what approaches exist and what their limitations are. We then analyze how realworld Java code uses the Reflection API, and how many Java projects contain code challenging state-of-the-art static analysis.Using a systematic literature review we collected and categorized all known methods of statically approximating reflective Java code. Next to this we constructed a representative corpus of Java systems and collected descriptive statistics of the usage of the Reflection API. We then applied an analysis on the abstract syntax trees of all source code to count code idioms which go beyond the limitation boundaries of static analysis approaches. The resulting data answers the research questions. The corpus, the tool and the results are openly available.We conclude that the need for unsound assumptions to resolve reflection is widely supported. In our corpus, reflection can not be ignored for 78 % of the projects. Common challenges for analysis tools such as non-exceptional exceptions, programmatic filtering meta objects, semantics of collections, and dynamic proxies, widely occur in the corpus. For Java software engineers prioritizing on robustness, we list tactics to obtain more easy to analyze reflection code, and for static analysis tool builders we provide a list of opportunities to have significant impact on real Java code.Keywords-Java; Reflection; Static Analysis; Systematic Literature Review; Empirical Study I. I Static analysis techniques are applied to support the efficiency and quality of software engineering tasks. Be it for understanding, validating, or refactoring source code, pragmatic static analysis tools exist to reduce error-prone manual labor and to increase the comprehension of complex software artefacts.Static analysis of object-oriented code is an exciting, ongoing and challenging research area, made especially challenging by dynamic language features (a.k.a. reflection). The Java Reflection API allows programmers to dynamically inspect and interact with otherwise static language concepts such as classes, fields and methods, e.g., to dynamically instantiate objects, set fields and invoke methods. These dynamic language features are useful, but their usage also wreaks havoc on the accuracy of static analysis results. This is due to the undecidability of resolving dynamic names and dynamic types.Until 2005, the analysis of code which uses the Reflection API was considered to be out of bounds for static analysis, and handled via user annotations or dynamic analysis; handling reflection would inherently be either unsound (due to unverified assumptions) or highly inaccurate (due to over-approximation) and render the contemporary static analysis tools impractical. Then, in 2005 Livshits et al. [1] published an analysis of how reflection was used in six large Java projects...

show abstract

“…The latter representations are derived from statement's type (e.g., if-statement, invoke-statement) instead of the exact statement string. These features have been introduced in previous work [1] not only to implement fast pairwise comparison but also to be resilient, to some extent, to obfuscation, i.e, the comparison will not be impacted in cases where variable names differ but will be impacted in cases where code structure changes (e.g., hide the real method call through reflection [10]). MPlugin further extracts all constants (numbers and strings) as features for comparison.…”

Section: A Feature Extractionmentioning

confidence: 99%

SimiDroid: Identifying and Explaining Similarities in Android Apps

Bissyandé

Klein

2017

2017 IEEE Trustcom/BigDataSE/Icess

Self Cite

View full text Add to dashboard Cite

Abstract-App updates and repackaging are recurrent in the Android ecosystem, filling markets with similar apps that must be identified and analyzed to accelerate user adoption, improve development efforts, and prevent malware spreading. Despite the existence of several approaches to improve the scalability of detecting repackaged/cloned apps, researchers and practitioners are eventually faced with the need for a comprehensive pairwise comparison to understand and validate the similarities among apps. This paper describes the design of SimiDroid, a framework for multi-level comparison of Android apps. SimiDroid is built with the aim to support the understanding of similarities/changes among app versions and among repackaged apps. In particular, we demonstrate the need and usefulness of such a framework based on different case studies implementing different analyzing scenarios for revealing various insights on how repackaged apps are built. We further show that the similarity comparison plugins implemented in SimiDroid yield more accurate results than the state-of-the-art.

show abstract

DroidRA: taming reflection to support whole-program analysis of Android apps

Cited by 130 publications

References 44 publications

Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting

Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting

Challenges for Static Analysis of Java Reflection - Literature Review and Empirical Study

SimiDroid: Identifying and Explaining Similarities in Android Apps

Contact Info

Product

Resources

About