FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
TLDR
FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.
IccTA: Detecting Inter-Component Privacy Leaks in Android Apps
TLDR
IccTA, a static taint analyzer to detect privacy leaks among components in Android applications, goes beyond state-of-the-art approaches by supporting inter-component detection and propagating context information among components, which improves the precision of the analysis.
A Study of Android Application Security
TLDR
A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.
Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis
TLDR
This paper reduces the discovery of inter-component communication in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develops a sound static analysis technique targeted to the Android platform that finds ICC vulnerabilities with far fewer false positives than the next best tool.
Composite Constant Propagation: Application to Android Inter-Component Communication Analysis
TLDR
This paper develops the first generic solver that infers all possible values of complex objects in an interprocedural, flow and context-sensitive manner, taking field correlations into account, and applies it to the problem of inferring Android Inter-Component Communication values.
DroidRA: taming reflection to support whole-program analysis of Android apps
TLDR
The DroidRA instrumentation-based approach addresses the issue of reflective calls in Android apps in a non-invasive way, and allows an app to be boosted so that it is immediately analyzable, including by static analyzers that were not reflection-aware.
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
TLDR
A static runtime model of the application framework is established in order to study its internals and provides the first high-level classification of the framework’s protected resources, uncovering design patterns that differ highly from the runtime model at the application layer.
Highly precise taint analysis for Android applications
TLDR
FlowDroid is presented, a novel and highly precise taint analysis for Android applications that achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA.
I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
TLDR
This work performs inter-component data-flow analysis to detect privacy leaks between components of Android applications and outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6%.