论文信息 - APPLADroid: Automaton Based Inter-app Privacy Leak Analysis for Android

APPLADroid: Automaton Based Inter-app Privacy Leak Analysis for Android

An app named “Aqua Mail” is a Google play store app with millions of downloads. It allows the user to manage Google account mails. For caching purposes, it stores the mails in a content provider protected with a custom permission rather than Android defined permission to access mails (MANAGE_ACCOUNTS). Another app named “Enhanced SMS and call” can access mails directly by obtaining the permission of reading the custom content provider of Aqua Mail. Google is not aware of the fact that any other app is accessing the mails. In order to detect such flows, a precise inter-app analysis is needed to identify leakage from source in one app to sink in another app.

Vijay Laxmi | Manoj Singh Gaur | Mohamed Mosbah | Vineeta Jain

[1] Daniel John Trevino Barton. Usable Post-Classification Visualizations for Android Collusion Detection and Inspection , 2016 .

[2] Alireza Sadeghi,et al. COVERT: Compositional Analysis of Android Inter-App Permission Leakage , 2015, IEEE Transactions on Software Engineering.

[3] Gang Wang,et al. Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications , 2017, AsiaCCS.

[4] Matthew L. Dering,et al. Composite Constant Propagation: Application to Android Inter-Component Communication Analysis , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[5] Jacques Klein,et al. IccTA: Detecting Inter-Component Privacy Leaks in Android Apps , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[6] Aaron Tomb,et al. Multi-App Security Analysis with FUSE: Statically Detecting Android App Collusion , 2014, PPREW-4.

[7] Vijay Laxmi,et al. SniffDroid: Detection of Inter-App Privacy Leaks in Android , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[8] Jacques Klein,et al. ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis , 2015, SEC.

[9] Jeff H. Perkins,et al. Information Flow Analysis of Android Applications in DroidSafe , 2015, NDSS.