Learn More
Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by carelessly programmed apps that leak important data by accident, and by malicious apps that exploit their given privileges to copy such data intentionally. While existing static taint-analysis approaches have the potential of(More)
Many threats present in smartphones are the result of interactions between application components, not just ar-tifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in(More)
<i>Shake Them All</i> is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record(More)
The fluidity of application markets complicate smart-phone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smart-phone application security by studying 1,100 popular free Android applications.(More)
Many program analyses require statically inferring the possible values of composite types. However, current approaches either do not account for correlations between object fields or do so in an <i>ad hoc</i> manner. In this paper, we introduce the problem of composite constant propagation. We develop the first generic solver that infers all possible values(More)
Today's smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analyses fail to discover such malicious activity because apps(More)
Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components , which improves the precision of the analysis. IccTA(More)
Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data(More)
In contrast to the Android application layer, An-droid's application framework's internals and their influence on the platform security and user privacy are still largely a black box for us. In this paper, we establish a static runtime model of the application framework in order to study its internals and provide the first high-level classification of the(More)