eDSDroid: A Hybrid Approach for Information Leak Detection in Android

Leakage of personal information on mobile devices is a serious problem. Work on information leak detection for mobile devices has, until now, mostly focused on actions within a single application, while the coordinated action of several applications for malicious purposes is becoming popular. This study proposes a hybrid approach that combines static and dynamic analysis to detect information leaks that result from the coordinated action of multiple applications. In this text, we call this inter-application malware. The analysis takes place in two stages. In the first stage, we use static analysis to determine the chains of sensitive actions across multiple applications. A chain of sensitive actions is a sequence of user actions that may lead to information leakage. In the second stage, we use dynamic analysis to validate whether a chain of sensitive actions indeed leaks the user's data. Specifically, the applications in question are forced to execute according to the chains of sensitive actions detected in the first stage. We monitor the sensitive actions to determine which of them cause information to leak. To do so, we modify the Android Emulator to trigger and monitor any action of any application running on it. We have evaluated our tool, named eDSDroid, on the famous Toyapps test case. The test results show the correctness and effectiveness of our tool.
