Do Android taint analysis tools keep their promises?

@article{Pauck2018DoAT,
  title={Do Android taint analysis tools keep their promises?},
  author={Felix Pauck and Eric Bodden and Heike Wehrheim},
  journal={Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  year={2018}
}
  • Felix Pauck, E. Bodden, H. Wehrheim
  • Published 9 April 2018
  • Computer Science
  • Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for… 

Reproducing Taint-Analysis Results with ReproDroid
TLDR
The framework ReproDroid is proposed, which enables a comparable, automatic and unbiased evaluation of different analysis tools, and this framework is instantiated for six prominent taint-analysis tools, namely Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA.
A Qualitative Analysis of Android Taint-Analysis Results
TLDR
COVA, an analysis tool that computes partial path constraints informing about the circumstances under which taint flows may actually occur in practice, is designed, and it is shown that few tainted flows are guarded by multiple different kinds of conditions simultaneously, so tools that seek to confirm true positives dynamically can concentrate on one kind at a time.
TaintBench: Automatic real-world malware benchmarking of Android taint analyses
TLDR
Criteria for constructing real-world benchmark suites for static taint analyses of Android applications are recommended, and TaintBench, the first real-world malware benchmark suite with documented taint flows, is presented.
Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques
TLDR
The Mutation-Based Soundness Evaluation (μSE) framework is described, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded practice of mutation analysis.
ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
TLDR
A hybrid context matching algorithm and corresponding tool, ConDySTA, is developed to preserve context sensitivity in DySTA and was able to detect 39 additional taint flows while preserving the context sensitivity of FlowDroid.
Together strong: cooperative Android app analysis
TLDR
CoDiDroid is presented, a framework for cooperative Android app analysis that allows users to ask questions about flows in apps in varying degrees of detail, and experimentally shows that cooperation among tools pays off with respect to effectiveness, precision and scalability.
BenchPress: Analyzing Android App Vulnerability Benchmark Suites
TLDR
Four Android-specific benchmark suites are empirically evaluated by identifying the APIs used by the suites that were discussed on Stack Overflow in the context of Android app development and measuring the usage of these APIs in a sample of 227K real-world apps to assess the opportunities to extend benchmark suites.
Meizodon: Security Benchmarking Framework for Static Android Malware Detectors
TLDR
Meizodon is proposed, a novel framework to install Android static security analysis tools and run them efficiently in a distributed fashion, in equal environments and against a suitable dataset, and it is found that the accuracy of tested analysis tools is low, and analysis fails for many apks.
2 Study Approach 2.1 Using API usage as a measure of representativeness
TLDR
The findings in this paper can help developers of Android security analysis tools choose the benchmark suites best suited to evaluating their tools (informed by coverage and pairwise comparison) and help creators of Android-specific benchmarks improve the API-usage-based representativeness of suites (informed by gaps).
Android App Merging for Benchmark Speed-Up and Analysis Lift-Up
  • Felix Pauck, Shikun Zhang
  • Computer Science
    2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)
  • 2019
TLDR
The Android Merge Tool (AMT) is implemented and it is shown that its novel aspects can be used to produce scaled up and accurate benchmarks and why AMT is an advantageous successor of the state-of-the-art app merging tool (APKCOMBINER) in analysis lift-up scenarios.

References

*droid: Assessment and Evaluation of Android Application Analysis Tools
TLDR
The first systematization of Android security research that analyzes applications is performed, characterizing the work published in more than 17 top venues since 2010 and finding not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues.
Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
TLDR
Amandroid's analysis is sound in that it can provide assurance of the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.
HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving
TLDR
HornDroid is the first static analysis tool for Android to come with a formal proof of soundness, which covers the core of the analysis technique: besides yielding correctness assurances, this proof allowed us to identify some critical corner-cases that affect the soundness guarantees provided by some of the previous static analysis tools for Android.
TeICC: targeted execution of inter-component communications in Android
TLDR
This work uses targeted execution of interesting code paths to solve the issues of obfuscation and dynamic code updates, implements a proof of concept, TeICC, and reports the results of the evaluation.
PScout: analyzing the Android permission specification
TLDR
An analysis of the permission system of the Android smartphone OS is performed and it is found that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permissions specification as the Android OS evolves.
FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
TLDR
FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.
Analyzing the analyzers: FlowDroid/IccTA, AmanDroid, and DroidSafe
TLDR
A large, controlled, and independent comparison of the three most prominent static analysis tools: FlowDroid combined with IccTA, Amandroid, and DroidSafe is provided.
Practical, Formal Synthesis and Automatic Enforcement of Security Policies for Android
TLDR
The approach, realized in a tool called SEPAR, combines static analysis with lightweight formal methods to automatically infer security-relevant properties from a bundle of apps, from which fine-grained security policies are derived and automatically enforced to protect a given device.
Android taint flow analysis for app sets
TLDR
A new static taint analysis for Android is described that combines and augments the FlowDroid and Epicc analyses to precisely track both inter-component and intra-component data flow in a set of Android applications.