Runtime verification using policy-based approach to control information flow

“…IFC focuses on the flow of confidential user information. User information is a transfer, broadcast, and process during the execution of untrusted programs or software systems to make sure that the method of transmission will be operated securely [42][43][44][45][46]. Information flow is not restricted to a single component of an app but occurs frequently between components of the same context and even various apps [47].…”

“…The static analysis mechanisms are used to analyze the applications in an isolated way, use the data and information flow examination of symbolic execution to determine a priori whether an app will leak privacy information or not without running the program. Static analysis exam all possible execution tracks including those paths which already been executed and detect the malicious behavior in the code segments [6,18,26,38,44,[51][52][53][54]. However, [15,55] discussed that a static analysis method is a complicated approach for android mobile applications due to three main reasons: (1) Android applications consist of different components, i.e.…”

“…The second type of analysis is dynamic information flow analysis which is concerned with monitoring, tracking, and regulating a program execution during runtime. This type is more precise than static analysis because it requires the current execution of the program to reach appropriate code coverage; it does not leak information and can also cover language features, e.g., pointers, arrays, and exceptions easier than static analysis [44,[56][57][58]. Also, the researchers may perform a combination of other analysis techniques such as, program re-write techniques that are considered as one of the runtime approaches.…”

“…It detects, monitors and follows different events when applications deal with the data coming/going from/too sensitive information sources, e.g., device location sensor, user phone contacts, then reporting these applications, data type, and network destination to the user [45]. [44] 4) Backward slicing, this type of slicing is calculated from any point in the program to discover all statements that can affect specific variables [44]. Therefore, the researchers have reviewed different tools that used the approaches mentioned above.…”

“…As well as, since the Android InstrumentationTestRunner method does not support the instrumentation of network input, the tool cannot simulate network inputs generated by symbolic execution [91]. Moreover, [44] introduced a new approach which provided a dynamic and operational information security solution. This approach supports the interaction between the user and the security process where users can manage the security of their applications without defining intricate security policies before running the mobile application.…”

User Privacy and Data Flow Control for Android Apps: Systematic Literature Review

“…IFC focuses on the flow of confidential user information. User information is a transfer, broadcast, and process during the execution of untrusted programs or software systems to make sure that the method of transmission will be operated securely [42][43][44][45][46]. Information flow is not restricted to a single component of an app but occurs frequently between components of the same context and even various apps [47].…”

“…The static analysis mechanisms are used to analyze the applications in an isolated way, use the data and information flow examination of symbolic execution to determine a priori whether an app will leak privacy information or not without running the program. Static analysis exam all possible execution tracks including those paths which already been executed and detect the malicious behavior in the code segments [6,18,26,38,44,[51][52][53][54]. However, [15,55] discussed that a static analysis method is a complicated approach for android mobile applications due to three main reasons: (1) Android applications consist of different components, i.e.…”

“…The second type of analysis is dynamic information flow analysis which is concerned with monitoring, tracking, and regulating a program execution during runtime. This type is more precise than static analysis because it requires the current execution of the program to reach appropriate code coverage; it does not leak information and can also cover language features, e.g., pointers, arrays, and exceptions easier than static analysis [44,[56][57][58]. Also, the researchers may perform a combination of other analysis techniques such as, program re-write techniques that are considered as one of the runtime approaches.…”

“…It detects, monitors and follows different events when applications deal with the data coming/going from/too sensitive information sources, e.g., device location sensor, user phone contacts, then reporting these applications, data type, and network destination to the user [45]. [44] 4) Backward slicing, this type of slicing is calculated from any point in the program to discover all statements that can affect specific variables [44]. Therefore, the researchers have reviewed different tools that used the approaches mentioned above.…”

“…As well as, since the Android InstrumentationTestRunner method does not support the instrumentation of network input, the tool cannot simulate network inputs generated by symbolic execution [91]. Moreover, [44] introduced a new approach which provided a dynamic and operational information security solution. This approach supports the interaction between the user and the security process where users can manage the security of their applications without defining intricate security policies before running the mobile application.…”

User Privacy and Data Flow Control for Android Apps: Systematic Literature Review

Mobile Cloud Computing: Security Issues and Considerations

Bytecode instrumentation mechanism for monitoring mobile application information flow