SniffDroid: Detection of Inter-App Privacy Leaks in Android

Android has deprecated the readable/writeable modes for shared preferences since API level 17. Hence, researchers have paid little attention to privacy leaks via shared preferences. However, Android app developers still use these modes in practice. This may have serious ramifications such as privacy leakage, privilege escalation, etc., and may pose a severe threat to a user's privacy. In this paper, we present an automaton-based static analysis technique named SniffDroid to detect inter-app privacy leaks via shared preferences in Android. To evaluate the performance of SniffDroid in real-time, we tested it on our own dataset of 21 apps and on 240 Google Play Store apps. These apps were chosen from various categories such as banking, wallet, location, shopping, etc. SniffDroid conducts its analysis at the component level. The empirical results indicate that SniffDroid operates in linear time w.r.t. the number of components. It works efficiently on apps of all sizes and is scalable.
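A minimal source-level check for the deprecated modes discussed above, added here as an illustration: it is not SniffDroid's automaton-based analysis and not code from the paper. It assumes Java source (original or decompiled) in which the preference name is a string literal and the mode is written as a `Context` constant or integer literal; the function names and the sample class are constructed for the example.

```python
import re

# Values of the deprecated constants in android.content.Context.
WORLD_MODES = {"MODE_WORLD_READABLE": 1, "MODE_WORLD_WRITEABLE": 2}

# getSharedPreferences("<name>", <mode expression>)
CALL_RE = re.compile(r'getSharedPreferences\s*\(\s*"([^"]*)"\s*,\s*([^)]*)\)')

def mode_bits(expr):
    """Resolve an expression like 'Context.MODE_WORLD_READABLE | 2' to world-mode bits."""
    bits = 0
    for term in expr.split("|"):
        term = term.strip().split(".")[-1]      # drop a 'Context.' qualifier
        if term in WORLD_MODES:
            bits |= WORLD_MODES[term]
        else:
            try:
                bits |= int(term, 0) & 3        # integer literal, decimal or 0x..
            except ValueError:
                pass                            # variable or other constant: not resolved here
    return bits

def find_world_prefs(source):
    """Return (line, prefs_name, [modes]) for each world-accessible preference file."""
    findings = []
    for m in CALL_RE.finditer(source):
        bits = mode_bits(m.group(2))
        if bits:
            line = source.count("\n", 0, m.start()) + 1
            modes = [name for name, bit in WORLD_MODES.items() if bits & bit]
            findings.append((line, m.group(1), modes))
    return findings

# Constructed sample input, not taken from any real app.
SAMPLE = '''\
public class WalletActivity extends Activity {
    void save(String token) {
        SharedPreferences p = getSharedPreferences("session", Context.MODE_WORLD_READABLE);
        p.edit().putString("token", token).apply();
        SharedPreferences q = getSharedPreferences("ui", Context.MODE_PRIVATE);
        SharedPreferences r = getSharedPreferences("sync", 1 | Context.MODE_WORLD_WRITEABLE);
    }
}
'''

if __name__ == "__main__":
    for line, name, modes in find_world_prefs(SAMPLE):
        print(f"line {line}: prefs '{name}' opened with {' | '.join(modes)}")
```

A mode passed through a variable is not resolved by this textual check; catching that case needs the kind of data-flow or component-level analysis the abstract describes.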
