Skip to main content
Log in

Value-utilized taint propagation: toward precise detection of apps’ information flows across Android API calls

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Android security researchers utilize taint analysis to uncover apps’ bugs and policy-violating behaviors. However, the investigations are unsafe because current taint trackers can be circumvented by apps that cause information flows across API calls. A context-tainting tracker (CTT) is devised to tackle the problem, but since the technique relies on a hand-picked list of flow-causing API methods, it will miss information flows when unlisted methods are exploited. It can also produce a large number of false positives and cannot be practically used. This paper presents a new taint-tracking technique operating value logging and matching based on the flows’ characteristics to track them with reducing the dependency on the list of API methods. We implemented our approach into our taint tracker called VTDroid. We confirmed its effectiveness with our test suite consisting of 31 anti-taint analysis techniques compared to three current tools: CTT, TaintDroid, and FlowDroid. We also evaluated VTDroid and the current tools with popular apps collected from two major app stores. The results show that VTDroid outperforms CTT in precision and TaintDroid and FlowDroid in recall for privacy leak detection. Also, security analysts can utilize VTDroid to detect user input validations with slightly more false positives and fewer false negatives than FlowDroid in VTDroid’s code coverage.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Data and code availability

Previously developed VTDroid and the test suite for privacy leak detection [17] are available at https://github.com/SaitoLab-Nitech/VTDroid. We will release the test suite for suspicious validation detection at https://github.com/SaitoLab-Nitech/ATATechniques. The datasets generated during the current study are available from the corresponding author on reasonable request.

Notes

  1. https://github.com/gsbabil/AntiTaintDroid.

References

  1. Arzt, S., Bodden, E.: StubDroid: automatic inference of precise data-flow summaries for the android framework. In: Proceedings of the 38th International Conference on Software Engineering (2016). https://doi.org/10.1145/2884781.2884816

  2. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (2014). https://doi.org/10.1145/2594291.2594299

  3. Backes, M., Bugiel, S., Schranz, O., Styp-Rekowsky, P.V., Weisgerber, S.: ARTist: the android runtime instrumentation and security toolkit. In: IEEE European Symposium on Security and Privacy (2017). https://doi.org/10.1109/EuroSP.2017.43

  4. Barbon, G., Cortesi, A., Ferrara, P., Pistoia, M., Tripp, O.: Privacy analysis of android apps: implicit flows and quantitative analysis. In: Computer Information Systems and Industrial Management (2015). https://doi.org/10.1007/978-3-319-24369-6_1

  5. Cavallaro, L., Saxena, P., Sekar, R.: Anti-taint-analysis: practical evasion techniques against information flow based malware defense. Stony Brook University, Tech. rep. (2007)

  6. Chandra, S., Lin, Z., Kundu, A., Khan, L.: Towards a systematic study of the covert channel attacks in smartphones. In: International Conference on Security and Privacy in Communication Networks (2015). https://doi.org/10.1007/978-3-319-23829-6_29

  7. Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., Vigna, G.: Obfuscation-resilient privacy leak detection for mobile apps through differential analysis. In: Proceedings of Network and Distributed System Security Symposium (2017). https://doi.org/10.14722/ndss.2017.23465

  8. Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20 (1977). https://doi.org/10.1145/359636.359712

  9. Enck, W., Gilbert, P., Chun, B., Cox, L.P., Jung, J., McDaniel, P.D., Sheth, A.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX Symposium on Operating Systems Design and Implementation (2010). https://doi.org/10.1145/2619091

  10. Fratantonio, Y., Machiry, A., Bianchi, A., Kruegel, C., Vigna, G.: CLAPP: characterizing loops in android applications. In: Proceedings of the Joint Meeting on Foundations of Software Engineering (2015). https://doi.org/10.1145/2786805.2786873

  11. Fratantonio, Y., Bianchi, A., Robertson, W., Kirda, E., Kruegel, C., Vigna, G.: TriggerScope: towards detecting logic bombs in android applications. In: IEEE Symposium on Security and Privacy (2016). https://doi.org/10.1109/SP.2016.30

  12. Gasior, W., Yang, L.: Exploring covert channel in android platform. In: International Conference on Cyber Security (2012). https://doi.org/10.1109/CyberSecurity.2012.29

  13. Georgiadis, L., Werneck, R.F., Tarjan, R.E., Triantafyllis, S., August, D.I.: Finding dominators in practice. In: European Symposium on Algorithms (2004). https://doi.org/10.1007/978-3-540-30140-0_60

  14. Graa, M., Boulahia, N.C., Cuppens, F., Cavalliy, A.: Protection against code obfuscation attacks based on control dependencies in android systems. In: IEEE Eighth International Conference on Software Security and Reliability-Companion (2014). https://doi.org/10.1109/SERE-C.2014.33

  15. Graa, M., Cuppens-Boulahia, N., Cuppens, F., Lanet, J.L., Moussaileb, R.: Detection of side channel attacks based on data tainting in android systems. In: ICT Systems Security and Privacy Protection (2017). https://doi.org/10.1007/978-3-319-58469-0_14

  16. Han, J., Huang, C., Shi, F., Liu, J.: Covert timing channel detection method based on time interval and payload length analysis. Comput. Secur. 97 (2020). https://doi.org/10.1016/j.cose.2020.101952

  17. Inayoshi, H., Kakei, S., Takimoto, E., Mouri, K., Saito, S.: VTDroid: value-based tracking for overcoming anti-taint-analysis techniques in android apps. In: International Conference on Availability, Reliability and Security (2021). https://doi.org/10.1145/3465481.3465759

  18. Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: dynamic taint analysis with targeted control-flow propagation. In: Proceedings of Network and Distributed System Security Symposium (2011)

  19. Lalande, J.F., Wendzel, S.: Hiding privacy leaks in android applications using low-attention raising covert channels. In: International Conference on Availability, Reliability and Security (2013). https://doi.org/10.1109/ARES.2013.92

  20. Lelewer, D.A., Hirschberg, D.S.: Data compression. ACM Comput. Surv. (1987). https://doi.org/10.1145/45072.45074

    Article  MATH  Google Scholar 

  21. Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: Proceedings of Network and Distributed System Security Symposium (2014). https://doi.org/10.14722/ndss.2014.23039

  22. Rasthofer, S., Arzt, S., Triller, S., Pradel, M.: Making Malory behave maliciously: targeted fuzzing of android execution environments. In: IEEE/ACM 39th International Conference on Software Engineering (2017). https://doi.org/10.1109/ICSE.2017.35

  23. Rumee, S.T.A., (Deceased) D.L., Lei, Y.: MirrorDroid: a framework to detect sensitive information leakage in android by duplicate program execution. In: Annual Conference on Information Sciences and Systems (2017). https://doi.org/10.1109/CISS.2017.7926086

  24. Sarwar, G., Mehani, O., Boreli, R., Kaafar, M.A.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices. In: Proceedings of the 10th International Conference on Security and Cryptography (2013). https://doi.org/10.5220/0004535104610468

  25. Schreckling, D., Köstler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for android. Inf. Secur. Tech. Rep. 17(3) (2013). https://doi.org/10.1016/j.istr.2012.10.006

  26. Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: IEEE Symposium on Security and Privacy (2010). https://doi.org/10.1109/SP.2010.26

  27. Schütte, J., Fedler, R., Titze, D.: ConDroid: targeted dynamic analysis of android applications. In: IEEE 29th International Conference on Advanced Information Networking and Applications (2015). https://doi.org/10.1109/AINA.2015.238

  28. Schütte, J., Küechler, A., TItze, D.: Practical application-level dynamic taint analysis of android apps. In: IEEE Trustcom/BigDataSE/ICESS (2017). https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.215

  29. Slavin, R., Wang, X., Hosseini, M.B., Hester, J., Krishnan, R., Bhatia, J., Breaux, T.D., Niu, J.: Toward a framework for detecting privacy policy violations in android application code. In: Proceedings of the International Conference on Software Engineering (2016). https://doi.org/10.1145/2884781.2884855

  30. Staicu, C.A., Schoepe, D., Balliu, M., Pradel, M., Sabelfeld, A.: An empirical study of information flows in real-world javascript. In: Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security (2019). https://doi.org/10.1145/3338504.3357339

  31. Stephens, J., Yadegari, B., Collberg, C., Debray, S., Scheidegger, C.: Probabilistic obfuscation through covert channels. In: IEEE European Symposium on Security and Privacy (2018). https://doi.org/10.1109/EuroSP.2018.00025

  32. Stinson, E., Mitchell, J.C.: Characterizing bots’ remote control behavior. In: Detection of Intrusions and Malware, and Vulnerability Assessment (2007). https://doi.org/10.1007/978-3-540-73614-1_6

  33. Sun, M., Wei, T., Lui, J.C.: TaintART: a practical multi-level information-flow tracking system for android runtime. In: ACM SIGSAC Conference on Computer and Communications Security (2016). https://doi.org/10.1145/2976749.2978343

  34. Venkatakrishnan, V.N., Xu, W., DuVarney, D.C., Sekar, R.: Provably correct runtime enforcement of non-interference properties. In: Information and Communications Security (2006). https://doi.org/10.1007/11935308_24

  35. Wang, J.C., Lee, H.M., Chen, C.W., Jeng, A.B.: Estimating intent-based covert channel bandwidth by time series decomposition analysis in android platform. In: IEEE Conference on Application, Information and Network Security (2017). https://doi.org/10.1109/AINS.2017.8270420

  36. Wei, T., Mao, J., Zou, W., Chen, Y.: A new algorithm for identifying loops in decompilation. In: International Static Analysis Symposium (2007). https://doi.org/10.1007/978-3-540-74061-2_11

  37. Xue, L., Zhou, Y., Chen, T., Luo, X., Gu, G.: Malton: towards on-device non-invasive mobile malware analysis for ART. In: USENIX Security Symposium, pp. 289–306 (2017)

  38. Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: USENIX Security Symposium, pp. 569–584 (2012)

  39. You, W., Liang, B., Li, J., Shi, W., Zhang, X.: Android implicit information flow demystified. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (2015). https://doi.org/10.1145/2714576.2714604

  40. You, W., Liang, B., Shi, W., Wang, P., Zhang, X.: TaintMan: an art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices. IEEE Trans. Dependable and Secur. Comput. (2020). https://doi.org/10.1109/TDSC.2017.2740169

    Article  Google Scholar 

  41. Zhao, Q., Zuo, C., Dolan-Gavitt, B., Pellegrino, G., Lin, Z.: Automatic uncovering of hidden behaviors from input validation in mobile apps. In: IEEE Symposium on Security and Privacy (2020). https://doi.org/10.1109/SP40000.2020.00072

Download references

Funding

No funds, grants, or other support was received.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Hiroki Inayoshi.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Inayoshi, H., Kakei, S., Takimoto, E. et al. Value-utilized taint propagation: toward precise detection of apps’ information flows across Android API calls. Int. J. Inf. Secur. 21, 1127–1149 (2022). https://doi.org/10.1007/s10207-022-00603-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-022-00603-9

Keywords

Navigation