Abstract
Android security researchers use taint analysis to uncover apps’ bugs and policy-violating behaviors. However, these investigations are unsafe because current taint trackers can be circumvented by apps that cause information flows across API calls. A context-tainting tracker (CTT) was devised to tackle the problem, but because the technique relies on a hand-picked list of flow-causing API methods, it misses information flows when unlisted methods are exploited. It can also produce a large number of false positives and is not practical to use. This paper presents a new taint-tracking technique that logs and matches values based on the flows’ characteristics, tracking these flows while reducing the dependency on the list of API methods. We implemented our approach in our taint tracker, called VTDroid. We confirmed its effectiveness with our test suite of 31 anti-taint-analysis techniques, comparing it with three current tools: CTT, TaintDroid, and FlowDroid. We also evaluated VTDroid and the current tools on popular apps collected from two major app stores. The results show that VTDroid outperforms CTT in precision, and TaintDroid and FlowDroid in recall, for privacy leak detection. Security analysts can also use VTDroid to detect user input validations, with slightly more false positives and fewer false negatives than FlowDroid within VTDroid’s code coverage.
Data and code availability
The previously developed VTDroid and its test suite for privacy leak detection [17] are available at https://github.com/SaitoLab-Nitech/VTDroid. We will release the test suite for suspicious validation detection at https://github.com/SaitoLab-Nitech/ATATechniques. The datasets generated during the current study are available from the corresponding author on reasonable request.
References
Arzt, S., Bodden, E.: StubDroid: automatic inference of precise data-flow summaries for the android framework. In: Proceedings of the 38th International Conference on Software Engineering (2016). https://doi.org/10.1145/2884781.2884816
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (2014). https://doi.org/10.1145/2594291.2594299
Backes, M., Bugiel, S., Schranz, O., Styp-Rekowsky, P.V., Weisgerber, S.: ARTist: the android runtime instrumentation and security toolkit. In: IEEE European Symposium on Security and Privacy (2017). https://doi.org/10.1109/EuroSP.2017.43
Barbon, G., Cortesi, A., Ferrara, P., Pistoia, M., Tripp, O.: Privacy analysis of android apps: implicit flows and quantitative analysis. In: Computer Information Systems and Industrial Management (2015). https://doi.org/10.1007/978-3-319-24369-6_1
Cavallaro, L., Saxena, P., Sekar, R.: Anti-taint-analysis: practical evasion techniques against information flow based malware defense. Stony Brook University, Tech. rep. (2007)
Chandra, S., Lin, Z., Kundu, A., Khan, L.: Towards a systematic study of the covert channel attacks in smartphones. In: International Conference on Security and Privacy in Communication Networks (2015). https://doi.org/10.1007/978-3-319-23829-6_29
Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., Vigna, G.: Obfuscation-resilient privacy leak detection for mobile apps through differential analysis. In: Proceedings of Network and Distributed System Security Symposium (2017). https://doi.org/10.14722/ndss.2017.23465
Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20 (1977). https://doi.org/10.1145/359636.359712
Enck, W., Gilbert, P., Chun, B., Cox, L.P., Jung, J., McDaniel, P.D., Sheth, A.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX Symposium on Operating Systems Design and Implementation (2010). https://doi.org/10.1145/2619091
Fratantonio, Y., Machiry, A., Bianchi, A., Kruegel, C., Vigna, G.: CLAPP: characterizing loops in android applications. In: Proceedings of the Joint Meeting on Foundations of Software Engineering (2015). https://doi.org/10.1145/2786805.2786873
Fratantonio, Y., Bianchi, A., Robertson, W., Kirda, E., Kruegel, C., Vigna, G.: TriggerScope: towards detecting logic bombs in android applications. In: IEEE Symposium on Security and Privacy (2016). https://doi.org/10.1109/SP.2016.30
Gasior, W., Yang, L.: Exploring covert channel in android platform. In: International Conference on Cyber Security (2012). https://doi.org/10.1109/CyberSecurity.2012.29
Georgiadis, L., Werneck, R.F., Tarjan, R.E., Triantafyllis, S., August, D.I.: Finding dominators in practice. In: European Symposium on Algorithms (2004). https://doi.org/10.1007/978-3-540-30140-0_60
Graa, M., Boulahia, N.C., Cuppens, F., Cavalliy, A.: Protection against code obfuscation attacks based on control dependencies in android systems. In: IEEE Eighth International Conference on Software Security and Reliability-Companion (2014). https://doi.org/10.1109/SERE-C.2014.33
Graa, M., Cuppens-Boulahia, N., Cuppens, F., Lanet, J.L., Moussaileb, R.: Detection of side channel attacks based on data tainting in android systems. In: ICT Systems Security and Privacy Protection (2017). https://doi.org/10.1007/978-3-319-58469-0_14
Han, J., Huang, C., Shi, F., Liu, J.: Covert timing channel detection method based on time interval and payload length analysis. Comput. Secur. 97 (2020). https://doi.org/10.1016/j.cose.2020.101952
Inayoshi, H., Kakei, S., Takimoto, E., Mouri, K., Saito, S.: VTDroid: value-based tracking for overcoming anti-taint-analysis techniques in android apps. In: International Conference on Availability, Reliability and Security (2021). https://doi.org/10.1145/3465481.3465759
Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: dynamic taint analysis with targeted control-flow propagation. In: Proceedings of Network and Distributed System Security Symposium (2011)
Lalande, J.F., Wendzel, S.: Hiding privacy leaks in android applications using low-attention raising covert channels. In: International Conference on Availability, Reliability and Security (2013). https://doi.org/10.1109/ARES.2013.92
Lelewer, D.A., Hirschberg, D.S.: Data compression. ACM Comput. Surv. (1987). https://doi.org/10.1145/45072.45074
Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: Proceedings of Network and Distributed System Security Symposium (2014). https://doi.org/10.14722/ndss.2014.23039
Rasthofer, S., Arzt, S., Triller, S., Pradel, M.: Making Malory behave maliciously: targeted fuzzing of android execution environments. In: IEEE/ACM 39th International Conference on Software Engineering (2017). https://doi.org/10.1109/ICSE.2017.35
Rumee, S.T.A., (Deceased) D.L., Lei, Y.: MirrorDroid: a framework to detect sensitive information leakage in android by duplicate program execution. In: Annual Conference on Information Sciences and Systems (2017). https://doi.org/10.1109/CISS.2017.7926086
Sarwar, G., Mehani, O., Boreli, R., Kaafar, M.A.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices. In: Proceedings of the 10th International Conference on Security and Cryptography (2013). https://doi.org/10.5220/0004535104610468
Schreckling, D., Köstler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for android. Inf. Secur. Tech. Rep. 17(3) (2013). https://doi.org/10.1016/j.istr.2012.10.006
Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: IEEE Symposium on Security and Privacy (2010). https://doi.org/10.1109/SP.2010.26
Schütte, J., Fedler, R., Titze, D.: ConDroid: targeted dynamic analysis of android applications. In: IEEE 29th International Conference on Advanced Information Networking and Applications (2015). https://doi.org/10.1109/AINA.2015.238
Schütte, J., Küechler, A., Titze, D.: Practical application-level dynamic taint analysis of android apps. In: IEEE Trustcom/BigDataSE/ICESS (2017). https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.215
Slavin, R., Wang, X., Hosseini, M.B., Hester, J., Krishnan, R., Bhatia, J., Breaux, T.D., Niu, J.: Toward a framework for detecting privacy policy violations in android application code. In: Proceedings of the International Conference on Software Engineering (2016). https://doi.org/10.1145/2884781.2884855
Staicu, C.A., Schoepe, D., Balliu, M., Pradel, M., Sabelfeld, A.: An empirical study of information flows in real-world javascript. In: Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security (2019). https://doi.org/10.1145/3338504.3357339
Stephens, J., Yadegari, B., Collberg, C., Debray, S., Scheidegger, C.: Probabilistic obfuscation through covert channels. In: IEEE European Symposium on Security and Privacy (2018). https://doi.org/10.1109/EuroSP.2018.00025
Stinson, E., Mitchell, J.C.: Characterizing bots’ remote control behavior. In: Detection of Intrusions and Malware, and Vulnerability Assessment (2007). https://doi.org/10.1007/978-3-540-73614-1_6
Sun, M., Wei, T., Lui, J.C.: TaintART: a practical multi-level information-flow tracking system for android runtime. In: ACM SIGSAC Conference on Computer and Communications Security (2016). https://doi.org/10.1145/2976749.2978343
Venkatakrishnan, V.N., Xu, W., DuVarney, D.C., Sekar, R.: Provably correct runtime enforcement of non-interference properties. In: Information and Communications Security (2006). https://doi.org/10.1007/11935308_24
Wang, J.C., Lee, H.M., Chen, C.W., Jeng, A.B.: Estimating intent-based covert channel bandwidth by time series decomposition analysis in android platform. In: IEEE Conference on Application, Information and Network Security (2017). https://doi.org/10.1109/AINS.2017.8270420
Wei, T., Mao, J., Zou, W., Chen, Y.: A new algorithm for identifying loops in decompilation. In: International Static Analysis Symposium (2007). https://doi.org/10.1007/978-3-540-74061-2_11
Xue, L., Zhou, Y., Chen, T., Luo, X., Gu, G.: Malton: towards on-device non-invasive mobile malware analysis for ART. In: USENIX Security Symposium, pp. 289–306 (2017)
Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: USENIX Security Symposium, pp. 569–584 (2012)
You, W., Liang, B., Li, J., Shi, W., Zhang, X.: Android implicit information flow demystified. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (2015). https://doi.org/10.1145/2714576.2714604
You, W., Liang, B., Shi, W., Wang, P., Zhang, X.: TaintMan: an art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices. IEEE Trans. Dependable and Secur. Comput. (2020). https://doi.org/10.1109/TDSC.2017.2740169
Zhao, Q., Zuo, C., Dolan-Gavitt, B., Pellegrino, G., Lin, Z.: Automatic uncovering of hidden behaviors from input validation in mobile apps. In: IEEE Symposium on Security and Privacy (2020). https://doi.org/10.1109/SP40000.2020.00072
Funding
No funds, grants, or other support was received.
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interests to disclose.
About this article
Cite this article
Inayoshi, H., Kakei, S., Takimoto, E. et al. Value-utilized taint propagation: toward precise detection of apps’ information flows across Android API calls. Int. J. Inf. Secur. 21, 1127–1149 (2022). https://doi.org/10.1007/s10207-022-00603-9
DOI: https://doi.org/10.1007/s10207-022-00603-9