Today’s smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit the privileges they have been granted to steal such sensitive data, or to track users without their consent, often without the users even noticing. Dynamic program analyses frequently fail to discover such malicious activity because apps have learned to recognize that they are being analyzed while they execute, and to withhold the malicious behavior until the analysis is over.
In this work we present FlowDroid, a novel and highly precise static taint analysis for Android applications. A precise model of Android’s lifecycle allows the analysis to properly handle callbacks, while context-, flow-, field- and object-sensitivity allows it to track taints with a degree of precision unheard of in previous Android analyses.
To the best of our knowledge, it is the first static taint-analysis system that is fully context-, flow-, field- and object-sensitive while precisely modeling the complete Android lifecycle, including the correct handling of user-defined UI widgets within the apps.
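The two properties named above, a lifecycle model that connects callbacks and field-sensitive (access-path) taint tracking, are easiest to see on a tiny example. The following toy analysis is added here for illustration; it is not FlowDroid’s code and not from the paper. It runs a flow-sensitive taint propagation over a constructed mini-IR for an Activity whose callbacks (names and statements are assumed, no real Android APIs are called) read the device identifier in onCreate, park it in a field, and pass it to a messaging sink in onResume. The simplified lifecycle order `LIFECYCLE` is also an assumption of this toy; switching off the lifecycle model makes the cross-callback leak disappear (a missed leak), and switching off field sensitivity makes every field of the object look tainted (false alarms).

```python
"""Toy flow- and field-sensitive taint propagation across Android lifecycle callbacks.

Added illustration, not FlowDroid's implementation. Statements form a constructed mini-IR:
  ("source", dst)        dst := value from a taint source (e.g. getDeviceId())
  ("assign", dst, src)   dst := src
  ("const", dst)         dst := untainted literal
  ("sink", src)          src is passed to a sink (e.g. sendTextMessage())
Access paths are either a local ("imei") or a field of the activity ("this.secret").
"""
from typing import Dict, List, Set, Tuple

Stmt = Tuple[str, ...]
Leak = Tuple[str, int, str]  # (callback, statement index, tainted access path)

# Assumed, simplified Activity lifecycle order; the real lifecycle is a state
# machine with loops (e.g. onPause -> onResume), which FlowDroid models fully.
LIFECYCLE = ["onCreate", "onStart", "onResume", "onPause", "onStop", "onDestroy"]


def _norm(path: str, field_sensitive: bool) -> str:
    """Field-insensitive mode collapses every 'this.f' onto the base object 'this'."""
    if field_sensitive or "." not in path:
        return path
    return path.split(".", 1)[0]


def _run_block(stmts: List[Stmt], taint: Set[str], field_sensitive: bool) -> List[Tuple[int, str]]:
    """Propagate taint through one callback body in order (flow-sensitive)."""
    found = []
    for i, (op, *args) in enumerate(stmts):
        if op == "source":
            taint.add(_norm(args[0], field_sensitive))
        elif op == "assign":
            dst, src = (_norm(a, field_sensitive) for a in args)
            if src in taint:
                taint.add(dst)
            elif field_sensitive or "." not in args[0]:
                taint.discard(dst)  # strong update: overwriting kills the old taint
            # field-insensitive: the aggregate 'this' only ever gets weak updates
        elif op == "const":
            if field_sensitive or "." not in args[0]:
                taint.discard(_norm(args[0], field_sensitive))
        elif op == "sink":
            if _norm(args[0], field_sensitive) in taint:
                found.append((i, args[0]))
        else:
            raise ValueError(f"unknown statement {op}")
    return found


def analyze(callbacks: Dict[str, List[Stmt]], field_sensitive: bool = True,
            model_lifecycle: bool = True) -> List[Leak]:
    """Report every sink reached by a tainted value.

    With model_lifecycle, callbacks run in LIFECYCLE order and taint on the
    activity's fields survives between them; without it, each callback is an
    isolated entry point that starts with no taint at all.
    """
    leaks: List[Leak] = []
    heap: Set[str] = set()
    order = [cb for cb in LIFECYCLE if cb in callbacks] if model_lifecycle else list(callbacks)
    for cb in order:
        taint = set(heap) if model_lifecycle else set()
        leaks.extend((cb, idx, path) for idx, path in _run_block(callbacks[cb], taint, field_sensitive))
        if model_lifecycle:
            heap = {p for p in taint if p.startswith("this")}  # locals die, fields persist
    return leaks


# Constructed sample activity (not a real app).
SAMPLE_APP: Dict[str, List[Stmt]] = {
    "onCreate": [
        ("source", "imei"),                # imei = tm.getDeviceId()
        ("assign", "this.secret", "imei"), # this.secret = imei
        ("const", "this.label"),           # this.label = "status"
    ],
    "onResume": [
        ("sink", "this.label"),            # sms.send(this.label)   benign
        ("sink", "this.secret"),           # sms.send(this.secret)  leak
    ],
    "onPause": [
        ("const", "this.secret"),          # this.secret = ""
        ("sink", "this.secret"),           # sms.send(this.secret)  no leak, taint was killed
    ],
}

if __name__ == "__main__":
    print("precise          :", analyze(SAMPLE_APP))
    print("field-insensitive:", analyze(SAMPLE_APP, field_sensitive=False))
    print("no lifecycle     :", analyze(SAMPLE_APP, model_lifecycle=False))
```

The precise configuration reports exactly the onResume sink on `this.secret`. Dropping field sensitivity additionally flags the benign `this.label` sink and the already-overwritten field in onPause, which is the kind of coarse approximation that inflates false positives; dropping the lifecycle model reports nothing, because the taint introduced in onCreate never reaches the sink in onResume.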
We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps.
As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA.
We intend to extend and maintain DroidBench as a community effort and hope that in the future it will be used for empirical evaluations that are more systematic and comparative than the ones that have appeared in the scientific literature to date.
*** Other authors on this report were Steven Arzt, Siegfried Rasthofer, Eric Bodden, at EC SPRIDE; Alexandre Bartel, Jacques Klein, and Yves Le Traon, University of Luxembourg; and Damien Octeau and Patrick McDaniel at Penn State University.