Software applications developed for the Android platform are very popular. Due to this, static analysis of these applications has received a lot of attention recently. An Android application is essentially an asynchronous, event-driven program. The Android framework manages the state of the application by invoking callbacks, called lifecycle callbacks, in pre-defined orders. Unfortunately, the existing static analysis techniques treat the callbacks synchronously. Additionally, they do not model all possible orderings of lifecycle callbacks. These may result in unsound analysis results. In this work, we present a precise representation of control flow of Android applications called Android inter-component control flow graph (AICCFG). In this representation, the asynchronous nature of the callbacks is modeled accurately. Further, all interleavings of callbacks of different components of an Android application are modeled in AICCFG. We use this representation to design a typestate analysis of Android applications. Android applications use a rich set of resources such as camera and media player whose safe usage is governed by some state machines. Using the typestate analysis, we can verify whether an application uses a resource safely or not. We have implemented the construction of AICCFG and the typestate analysis in the Soot framework. We have also implemented a variant of typestate analysis which uses the unsound control flow model used commonly in the literature. To compare our AICCFG based analysis with this, we present a benchmark of Android applications called AsyncBench. It comprises applications that use various resources in both safe and unsafe manner. The experiments over this benchmark demonstrate the benefits of our more precise control flow model and the typestate analysis.
[1]
Jacques Klein,et al.
IccTA: Detecting Inter-Component Privacy Leaks in Android Apps
,
2015,
2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.
[2]
Sankardas Roy,et al.
Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
,
2014,
CCS.
[3]
Laurie Hendren,et al.
Soot: a Java bytecode optimization framework
,
2010,
CASCON.
[4]
Thomas W. Reps,et al.
Precise interprocedural dataflow analysis via graph reachability
,
1995,
POPL '95.
[5]
Jacques Klein,et al.
FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
,
2014,
PLDI.
[6]
Eran Yahav,et al.
Effective typestate verification in the presence of aliasing
,
2006,
TSEM.
[7]
Wenke Lee,et al.
CHEX: statically vetting Android apps for component hijacking vulnerabilities
,
2012,
CCS.
[8]
Byung-Gon Chun,et al.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
,
2010,
OSDI.
[9]
Jacques Klein,et al.
Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis
,
2013
.
[10]
Robert E. Strom,et al.
Typestate: A programming language concept for enhancing software reliability
,
1986,
IEEE Transactions on Software Engineering.
[11]
Rupak Majumdar,et al.
Interprocedural analysis of asynchronous programs
,
2007,
POPL '07.