Intents Analysis of Android Apps for Confidentiality Leakage Detection

Intents are Android’s intra- and inter-application communication mechanism. They specify an action to perform, with extra data, and are sent to a receiver component or broadcast to many components. Components, in the same or in a distinct app, receive the intent if they are available to perform the desired action. Hence, a sound static analyzer must be aware of information flows through intents. That can be achieved by considering intents as both source (when reading) and sink (when writing) of confidential data. But this is overly conservative if the intent stays inside the same app or if the set of apps installed on the device is known in advance. In such cases, a sound approximation of the flow of intents leads to a more precise analysis. This work describes SDLI, a novel static analyzer that, for each app, creates an XML summary file reporting a description of the tainted information in outwards intents and of the intents the app is available to serve. SDLI discovers confidential information leaks when two apps communicate, by matching their XML summaries, looking for tainted outwards intents of the first app that can be inwards intents of the second app. The tool is implemented inside Julia, an industrial static analyzer. On the DroidBench test cases, it shows a precision higher than 75%. On some popular apps from the Google Play marketplace, it spots inter-app leaks of confidential data, hence showing its practical effectiveness.
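
The summary-matching step described above can be sketched as follows. This is an added example, not SDLI's code: the XML schema, package names and taint labels are hypothetical, and intent resolution is simplified to Android's action and category tests (data URI and MIME type tests are omitted).

```python
import xml.etree.ElementTree as ET

# Constructed summaries in a hypothetical schema; SDLI's real XML format is not shown here.
SENDER = """<app package="com.example.sender">
  <outgoing action="com.example.SHARE_LOCATION" taint="LOCATION">
    <category name="android.intent.category.DEFAULT"/>
  </outgoing>
  <outgoing action="com.example.PING" taint=""/>
  <outgoing target="com.example.sender/.Internal" taint="DEVICE_ID"/>
</app>"""
RECEIVER = """<app package="com.example.receiver">
  <component name=".Upload" exported="true">
    <filter>
      <action name="com.example.SHARE_LOCATION"/>
      <category name="android.intent.category.DEFAULT"/>
    </filter>
  </component>
  <component name=".Private" exported="false">
    <filter><action name="com.example.SHARE_LOCATION"/></filter>
  </component>
</app>"""

def filter_accepts(flt, action, categories):
    """Action must be listed; every intent category must be declared by the filter."""
    actions = {a.get("name") for a in flt.findall("action")}
    declared = {c.get("name") for c in flt.findall("category")}
    return action in actions and categories <= declared

def find_leaks(sender_xml, receiver_xml):
    """Return (sender package, receiving component, taint) for each cross-app flow."""
    sender, receiver = ET.fromstring(sender_xml), ET.fromstring(receiver_xml)
    spkg, rpkg = sender.get("package"), receiver.get("package")
    leaks = []
    for out in sender.findall("outgoing"):
        taint = out.get("taint")
        if not taint:
            continue  # untainted intent: nothing confidential to leak
        cats = {c.get("name") for c in out.findall("category")}
        for comp in receiver.findall("component"):
            name = rpkg + "/" + comp.get("name")
            if comp.get("exported") != "true" and spkg != rpkg:
                continue  # non-exported components are unreachable from other apps
            if out.get("target"):  # explicit intent: must name this component
                hit = out.get("target") == name
            else:  # implicit intent: some filter of the component must accept it
                hit = any(filter_accepts(f, out.get("action"), cats) for f in comp.findall("filter"))
            if hit:
                leaks.append((spkg, name, taint))
    return leaks
```

Only the tainted implicit intent reaches the exported `.Upload` component; the explicit intent aimed at the sender's own component stays inside the app and is not reported against the receiver.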
