Detecting Privacy Leaks through Existing Android Frameworks
Date
2017-04-02
Publisher
Addis Ababa University
Abstract
The Android application ecosystem has thrived, with hundreds of thousands of applications
(apps) available to users; however, not all of them are safe or privacy-friendly.
Analyzing these many apps for malicious behaviors is an important but challenging
area of research as malicious apps tend to use prevalent stealth techniques, e.g.,
encryption, code transformation, and other obfuscation approaches to bypass detection.
Academic researchers and security companies have realized that the traditional
signature-based and static analysis methods are inadequate to deal with this evolving
threat. In recent years, a number of static and dynamic code analysis proposals for
analyzing Android apps have been introduced in academia and in the commercial
world. Moreover, as a single detection approach may be ineffective against advanced
obfuscation techniques, multiple frameworks for privacy leakage detection have been
shown to yield better results when used in conjunction.
In this dissertation, our contribution is two-fold. First, we organize 32 of the
most recent and promising privacy-oriented proposals on Android app analysis into
two categories: static and dynamic analysis. For each category, we survey the
state-of-the-art proposals and provide a high-level overview of the methodology they rely
on to detect privacy-sensitive leakages and app behaviors. Second, we choose one
popular proposal from each category to analyze and detect leakages in 5,000 Android
apps. Our toolchain uses IntelliDroid (static) to find and trigger
sensitive API (Application Programming Interface) calls in target apps and
TaintDroid (dynamic) to detect leakages in these apps. We found that about 33%
of the tested apps leak privacy-sensitive information over the network (e.g., IMEI,
location, UDID), which is consistent with existing work. Furthermore, we highlight
the efficiency of combining IntelliDroid and TaintDroid in comparison with Android
Monkey and TaintDroid as used in most prior work. We report an overall increase in
the frequency of leakage of identifiers. This increase may indicate that IntelliDroid is
a better approach than Android Monkey.
Keywords
Detecting Privacy, Leaks Through, Existing Android, Frameworks