Abstract
Leaking personal information on mobile devices is a serious problem. Work on information leak detection for mobile devices, until now, mostly focus on action within a single application, while the coordinated action of several applications for the malicious purpose is becoming popular. This study proposes a hybrid approach that combines static and dynamic analysis to detect information leak as a result of the coordinated action of multiple applications. In this text, we call it inter-application malware. The analysis takes place in two stages. In the first stage, we use static analysis to determine the chains of sensitive actions on multiple applications. The chain of sensitive actions is the sequential user’s actions that may lead to information leakage. In the second stage, we validate whether the chain of sensitive actions indeed leaks user’s data by using the dynamic analysis. In fact, the applications in question are forced to execute after the chains of sensitive actions detected in the first stage. We monitor the sensitive actions to determine which actions make information leak. In order to do so, we modify the Android Emulator to trigger and monitor any action of any applications running on it. We have evaluated our tool, namely eDSDroid, on the famous Toyapps test case. The test result shows the correctness and effectiveness of our tool.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Sanz, B., Santos, I., Ugarte-Pedrero, X., Laorden, C., Nieves, J., Bringas, P.G.: Instance-based anomaly method for android malware detection. In: SECRYPT, pp. 387–394. SciTePress (2013)
CERT Division of the Software Engineering Institute (SEI), DidFail: Android Taint Flow Analysis. https://www.cert.org/secure-coding/tools/didfail.cfm
Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zou, W.: SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, (SPSM 2012), pp. 93–94 (2012)
Octeau, D., et al.: Effective inter-component communication mapping in android with Epicc: an essential step towards hoslistic security analysis. USENIX Security (2013)
Bodden, E.: FlowDroid Taint Analysis, Secure Software Engineering. European Center for Security and Privacy by Design. sseblog.ec-spride.de/tools/FlowDroid/
Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, MobiSys 2011, pp. 239–252 (2011)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)
Tchakounte, F., Dayang, P.: System call analysis of malwares on android. Int. J. Sci. Technol. 2(9), 669–674 (2013)
Fuchs, A.P., Chaudhuri, A., Foster, J.S.: ScanDroid: automated security certification of Android applications. Technical report, University of Maryland (2009)
Paul, I.: F-secure says 99 percent of new mobile malware targets android, but don’t worry too much. http://www.greenbot.com/article/2148521/99-percent-of-new-mobile-malware-is-on-android-but-good-luck-catching-it.html. Accessed 2 Sept 2014
Hoffmann, J., Neumann, S., Holz, T.: Mobile malware detection based on energy fingerprints — a dead end? In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 348–368. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41284-4_18
Graa, M., Cuppens-Boulahia, N., Cuppens, F., Cavalli, A.: Detecting control flow in smarphones: combining static and dynamic analyses. In: Xiang, Y., Lopez, J., Kuo, C.-C., Jay, Zhou, W. (eds.) CSS 2012. LNCS, vol. 7672, pp. 33–47. Springer, Heidelberg (2012). doi:10.1007/978-3-642-35362-8_4
Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI (2014)
Schmidt, A.-D., Bye, R., Schmidt, H.-G., Clausen, J., Kiraz, O., Yuksel, K.A., Camtepe, S.A., Albayrak, S.: Static analysis of executables for collaborative malware detection on android. In: IEEE International Conference on Communications, ICC 2009, pp. 1, 5, 14–18, June 2009
Nair, S.K., Simpson, P.N.D., Crispo, B., Tanenbaum, A.S.: A virtual machine based information flow control system for policy enforcement. Electron. Notes Theor. Comput. Sci. 197, 3–16 (2008)
van der Veen, V., Rossow, C., Bos, H.: TraceDroid: a fast and complete android method tracer. Hack In The Box, HITB, Malaysia, October 2013
Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010, pp. 1–6 (2010)
Acknowledgments
This research is funded by Vietnam National University HoChiMinh City (VNU-HCM) under grant number B2016-26-01.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ly, H.T., Nguyen, T.C., Pham, VH. (2017). eDSDroid: A Hybrid Approach for Information Leak Detection in Android. In: Kim, K., Joukov, N. (eds) Information Science and Applications 2017. ICISA 2017. Lecture Notes in Electrical Engineering, vol 424. Springer, Singapore. https://doi.org/10.1007/978-981-10-4154-9_34
Download citation
DOI: https://doi.org/10.1007/978-981-10-4154-9_34
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4153-2
Online ISBN: 978-981-10-4154-9
eBook Packages: EngineeringEngineering (R0)