Execution enhanced static detection of android privacy leakage hidden by dynamic class loading

Yufei Yang, Wenbo Luo, Yu Pei, Minxue Pan, Tian Zhang

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

3 Citations (Scopus)

Abstract

Mobile apps often need to collect and/or access sensitive user information to fulfill their purposes, but they may also leak such information either intentionally or accidentally, causing financial and/or emotional damages to users. In the past few years, researchers have developed various techniques to detect privacy leakage in mobile apps, however, such detection remains a challenging task when privacy leakage is implemented via dynamic class loading (DCL). In this work, we propose the DL2 technique that enhances static analysis with dynamic app execution to effectively detect privacy leakage implemented via DCL in Android apps. To evaluate DL2, we construct a benchmark of 88 subject apps with 2578 injected privacy leaks and apply DL2 to the apps. DL2 was able to detect 1073, or 42%, of the leaks, significantly outperforming existing state-of-the-art privacy leakage detection tools.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE 43rd Annual Computer Software and Applications Conference, COMPSAC 2019
EditorsVladimir Getov, Jean-Luc Gaudiot, Nariyoshi Yamai, Stelvio Cimato, Morris Chang, Yuuichi Teranishi, Ji-Jiang Yang, Hong Va Leong, Hossian Shahriar, Michiharu Takemoto, Dave Towey, Hiroki Takakura, Atilla Elci, Susumu Takeuchi, Satish Puri
PublisherIEEE Computer Society
Pages149-158
Number of pages10
ISBN (Electronic)9781728126074
DOIs
Publication statusPublished - Jul 2019
Event43rd IEEE Annual Computer Software and Applications Conference, COMPSAC 2019 - Milwaukee, United States
Duration: 15 Jul 201919 Jul 2019

Publication series

NameProceedings - International Computer Software and Applications Conference
Volume1
ISSN (Print)0730-3157

Conference

Conference43rd IEEE Annual Computer Software and Applications Conference, COMPSAC 2019
Country/TerritoryUnited States
CityMilwaukee
Period15/07/1919/07/19

Keywords

  • Constraint Solving
  • Dynamic Class Loading
  • Privacy Leakage Detection
  • Taint Analysis

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Cite this