The Android logging mechanism is used by many Android applications. Even the Android framework uses this mechanism for outputting debug information. But does this logging mechanism also include private information? This article gives a short overview of the privacy-sensitive information that could be gathered from the Android logging mechanism. It also describes Google’s countermeasure of accessing the “log file” since Android 4.1 and what kind of possibilities an attacker still has. Read the rest of this entry »
The Android Logging Service – A Dangerous Feature for User Privacy?
Eric | May 17, 2013RV Deadline postponed
Eric | May 13, 2013The deadline for the International Conference on Runtime Verification has been postponed to May 28th. This is your chance to submit another paper to RV!
FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps
Eric | May 10, 2013In our new technical report Highly Precise Taint Analysis for Android Applications we present our new tool FlowDroid which implements a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
Furthermore, we also created an Android benchmark suite, DroidBench, as a testing ground for static and dynamic security tools.
This is joint work with Alexandre Bartel, Jacques Klein and Yves le Traon from the University of Luxembourg and with Damien Octeau and Patrick McDaniel from Penn State University.
Abstract:
Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analy- ses fail to discover such malicious activity because apps have learned to recognize the analyses as they execute.
In this work we present FlowDroid, a novel and highly precise taint analysis for Android applications. A precise model of Android’s lifecycle allows the analysis to prop- erly handle callbacks, while context, flow, field and object- sensitivity allows the analysis to track taints with a degree of precision unheard of from previous Android analyses.
We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA.
Where can I find more information?
More information is available here.
These are the Android Sources and Sinks Nobody was Looking at
Eric | May 10, 2013Code analysis tools for taint tracking – statically, dynamically or hybrid – are only as good as the definition of sources and sinks. The tools check if there is a potential flow between a source and a sink and inform the analyst about their findings. We checked different code analysis tools in the area of Android and found out that all tools do only contain a hand-picked amount of sources and sinks. This gave us the motivation to create a novel tool for the fully automated generation of Android sources and sinks.
We wrote a technical report SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks that describes the details of our approach.
Abstract:
Today’s smartphone users face a security dilemma: many apps they install operate on privacy-sensitive data, although they might originate from developers whose trustworthiness is hard to judge. Researchers have proposed more and more sophisticated static and dynamic analysis tools as an aid to assess the behavior of such applications. Those tools, however, are only as good as the privacy policies they are configured with. Policies typically refer to a list of sources of sensitive data as well as sinks which might leak data to untrusted observers. Sources and sinks are a moving target: new versions of the mobile operating system regularly introduce new methods, and security tools need to be re- configured to take them into account.
In this work we show that, at least for the case of Android, the API comprises hundreds of sources and sinks. We propose SuSi, a novel and fully automated machine-learning approach for identifying sources and sinks directly from the Android source code. On our training set, SuSi achieves a recall and precision of more than 92%. To provide more fine-grained information, SuSi further categorizes the sources (e.g., unique identifier, location information, etc.) and sinks (e.g., network, file, etc.), with an average precision and recall of about 89%. We also show that many current program analysis tools can be circumvented because they use hand-picked lists of source and sinks which are largely incomplete, hence allowing many potential data leaks to go unnoticed.
Where can I find more information?
More information can be found here.
Is the tool available online?
Yes! The tool is open source tool and can be downloaded from GitHub and here.