Detecting privacy leaks in Android Apps

Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon

Research output: Contribution to journalArticleResearchpeer-review

Abstract

The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems related to intercomponent communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we explicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.

Original languageEnglish
JournalCEUR Workshop Proceedings
Volume1298
Publication statusPublished - 2014
Externally publishedYes

Keywords

  • CFG
  • ICC
  • Privacy leaks
  • Static analysis
  • Taint analysis

Cite this

Li, L., Bartel, A., Klein, J., & Le Traon, Y. (2014). Detecting privacy leaks in Android Apps. CEUR Workshop Proceedings, 1298.
Li, Li ; Bartel, Alexandre ; Klein, Jacques ; Le Traon, Yves. / Detecting privacy leaks in Android Apps. In: CEUR Workshop Proceedings. 2014 ; Vol. 1298.
@article{bc4228e015944c1992edf0d28122ed20,
title = "Detecting privacy leaks in Android Apps",
abstract = "The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems related to intercomponent communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we explicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.",
keywords = "CFG, ICC, Privacy leaks, Static analysis, Taint analysis",
author = "Li Li and Alexandre Bartel and Jacques Klein and {Le Traon}, Yves",
year = "2014",
language = "English",
volume = "1298",
journal = "CEUR Workshop Proceedings",
issn = "1613-0073",
publisher = "Rheinisch-Westfaelische Technische Hochschule Aachen * Lehrstuhl Informatik V",

}

Li, L, Bartel, A, Klein, J & Le Traon, Y 2014, 'Detecting privacy leaks in Android Apps', CEUR Workshop Proceedings, vol. 1298.

Detecting privacy leaks in Android Apps. / Li, Li; Bartel, Alexandre; Klein, Jacques; Le Traon, Yves.

In: CEUR Workshop Proceedings, Vol. 1298, 2014.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - Detecting privacy leaks in Android Apps

AU - Li, Li

AU - Bartel, Alexandre

AU - Klein, Jacques

AU - Le Traon, Yves

PY - 2014

Y1 - 2014

N2 - The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems related to intercomponent communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we explicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.

AB - The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems related to intercomponent communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we explicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.

KW - CFG

KW - ICC

KW - Privacy leaks

KW - Static analysis

KW - Taint analysis

UR - http://www.scopus.com/inward/record.url?scp=84915746219&partnerID=8YFLogxK

M3 - Article

VL - 1298

JO - CEUR Workshop Proceedings

JF - CEUR Workshop Proceedings

SN - 1613-0073

ER -

Li L, Bartel A, Klein J, Le Traon Y. Detecting privacy leaks in Android Apps. CEUR Workshop Proceedings. 2014;1298.