On tracking information flows through JNI in android applications

Chenxiong Qian, Xiapu Luo, Yuru Shao, Alvin T.S. Chan

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

56 Citations (Scopus)

Abstract

Android provides native development kit through JNI for developing high-performance applications (or simply apps). Although recent years have witnessed a considerable increase in the number of apps employing native libraries, only a few systems can examine them. However, none of them scrutinizes the interactions through JNI in them. In this paper, we conduct a systematic study on tracking information flows through JNI in apps. More precisely, we first perform a large-scale examination on apps using JNI and report interesting observations. Then, we identify scenarios where information flows uncaught by existing systems can result in information leakage. Based on these insights, we propose and implement NDroid, an efficient dynamic taint analysis system for checking information flows through JNI. The evaluation through real apps shows NDroid can effectively identify information leaks through JNI with low performance overheads.
Original languageEnglish
Title of host publicationProceedings of the International Conference on Dependable Systems and Networks
PublisherIEEE Computer Society
Pages180-191
Number of pages12
ISBN (Electronic)9781479922338
DOIs
Publication statusPublished - 1 Jan 2014
Event44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 - Atlanta, United States
Duration: 23 Jun 201426 Jun 2014

Conference

Conference44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
CountryUnited States
CityAtlanta
Period23/06/1426/06/14

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this