In our new technical report Highly Precise Taint Analysis for Android Applications we present our new tool FlowDroid which implements a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
Furthermore, we also created an Android benchmark suite, DroidBench, as a testing ground for static and dynamic security tools.
This is joint work with Alexandre Bartel, Jacques Klein and Yves le Traon from the University of Luxembourg and with Damien Octeau and Patrick McDaniel from Penn State University.
Abstract:
Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analy- ses fail to discover such malicious activity because apps have learned to recognize the analyses as they execute.
In this work we present FlowDroid, a novel and highly precise taint analysis for Android applications. A precise model of Android’s lifecycle allows the analysis to prop- erly handle callbacks, while context, flow, field and object- sensitivity allows the analysis to track taints with a degree of precision unheard of from previous Android analyses.
We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA.
Where can I find more information?
More information is available here.