Detect Sensitive Data Leakage via Inter-application on Android by Using Static Analysis and Dynamic Analysis

Mobile malware (especially spyware) heavily targets the Android operating system. Data is leaked if there exists a sensitive data flow (data propagation from a sensitive source to a critical sink). Usually, a sensitive data flow is carried out by a chain of actions. In most cases, sensitive data flows begin and end in the same application. However, there are cases where these flows pass through multiple applications by using inter-application communication. Standalone application analysis cannot detect such data flows. Static analysis faces limitations when malware code is obfuscated. Besides, certain actions only take place when receiving input from the user. This means that the information related to sensitive data flows depends on the input data, which is not available at analysis time when using static analysis. In this study, we propose the uitHyDroid system, which detects sensitive data leakage across multiple applications by using hybrid analysis. uitHyDroid uses static analysis to collect sensitive data flows in each application. Meanwhile, dynamic analysis is used to capture inter-application communications. To evaluate our approach, we use an extended version of the DroidBench dataset and applications downloaded from Google Play. The experimental results show that almost all sensitive data leakages in the first dataset are correctly detected. In addition, the proposed system detects several malware samples in real-world applications.
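The combination step the abstract describes, as an added example that is not uitHyDroid's own code: per-application flows from static analysis are joined with intent deliveries observed at runtime, so that only source-to-sink chains backed by real inter-application communication are reported. The record formats, the `SRC:`/`ICC_OUT:`/`ICC_IN:`/`SINK:` labels, the package names and the intent actions are assumptions constructed for illustration.

```python
from collections import namedtuple

# Assumed record formats (not from the paper): one intra-app taint flow
# reported by static analysis, and one intent delivery seen at runtime.
Flow = namedtuple("Flow", "app src dst")
Icc = namedtuple("Icc", "sender action receiver")

# Constructed sample data; package names and intent actions are hypothetical.
STATIC_FLOWS = [
    Flow("com.example.a", "SRC:getDeviceId", "ICC_OUT:example.SHARE"),
    Flow("com.example.b", "ICC_IN:example.SHARE", "ICC_OUT:example.RELAY"),
    Flow("com.example.c", "ICC_IN:example.RELAY", "SINK:sendTextMessage"),
    Flow("com.example.c", "SRC:getLastKnownLocation", "SINK:Log.i"),
    # Could receive SHARE according to static analysis, but never did at runtime.
    Flow("com.example.d", "ICC_IN:example.SHARE", "SINK:HttpURLConnection"),
]
OBSERVED_ICC = [
    Icc("com.example.a", "example.SHARE", "com.example.b"),
    Icc("com.example.b", "example.RELAY", "com.example.c"),
]

def find_leaks(flows, icc_events):
    """Return every chain of flows leading from a sensitive source to a sink."""
    leaks = []

    def walk(flow, path, seen):
        path = path + [flow]
        kind, _, name = flow.dst.partition(":")
        if kind == "SINK":
            leaks.append(path)
        elif kind == "ICC_OUT":
            # Follow only intent deliveries that were actually observed.
            receivers = {e.receiver for e in icc_events
                         if e.sender == flow.app and e.action == name}
            for nxt in flows:
                if (nxt.app in receivers and nxt.src == "ICC_IN:" + name
                        and nxt not in seen):  # seen-set stops ICC cycles
                    walk(nxt, path, seen | {nxt})

    for f in flows:
        if f.src.startswith("SRC:"):
            walk(f, [], {f})
    return leaks

def cross_app(leaks):
    """Keep only leaks whose chain spans more than one application."""
    return [p for p in leaks if len({f.app for f in p}) > 1]

if __name__ == "__main__":
    for chain in cross_app(find_leaks(STATIC_FLOWS, OBSERVED_ICC)):
        print(" -> ".join(f"{f.app}[{f.src} => {f.dst}]" for f in chain))
```

Analysing `com.example.a`, `com.example.b` and `com.example.c` one at a time would report no leak of the device identifier, and `com.example.d` is not flagged because no delivery to it was observed.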
