Detecting privacy leaks in Android apps

Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

1 Citation (Scopus)

Abstract

The number of Android apps has grown explosively in recent years, and the number of apps leaking private data has also grown. It is necessary to make sure all the apps are not leaking private data before putting them on the app markets, and therefore a privacy leak detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems, related to inter-component communication (ICC), the lifecycle of components and the callback mechanism, that make the CFG imprecise. To bridge this gap, we explicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.

Original language: English
Title of host publication: Proceedings of the 2014 ESSoS Doctoral Symposium co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2014)
Editors: Wouter Joosen, Fabio Martinelli, Thomas Heyman
Place of Publication: Aachen Germany
Publisher: Rheinisch-Westfaelische Technische Hochschule Aachen
Number of pages: 6
ISBN (Electronic): 007412981
Publication status: Published - 2014
Externally published: Yes
Event: ESSoS Doctoral Symposium 2014 - Munich, Germany
Duration: 26 Feb 2014 → 26 Feb 2014
https://distrinet.cs.kuleuven.be/events/essos/2014/?utm_source=researchbib

Publication series

Name: CEUR Workshop Proceedings
Publisher: Ruzica Piskac
Volume: 1298
ISSN (Electronic): 1613-0073

Conference

Conference: ESSoS Doctoral Symposium 2014
Abbreviated title: ESSoS-DS 2014
Country: Germany
City: Munich
Period: 26/02/14 → 26/02/14
Internet address

Keywords

  • CFG
  • ICC
  • Privacy leaks
  • Static analysis
  • Taint analysis

Cite this

Li, L., Bartel, A., Klein, J., & Le Traon, Y. (2014). Detecting privacy leaks in Android apps. In W. Joosen, F. Martinelli, & T. Heyman (Eds.), Proceedings of the 2014 ESSoS Doctoral Symposium co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2014) [5] (CEUR Workshop Proceedings; Vol. 1298). Rheinisch-Westfaelische Technische Hochschule Aachen. http://ceur-ws.org/Vol-1298/paper5.pdf