Skip to main content

Detecting sensitive data leakage via inter-applications on Android using a hybrid analysis technique

Abstract

In this study, we present the uitHyDroid system, which allows the detection of sensitive data leakage via multi-applications using hybrid analysis. uitHyDroid uses static analysis to collect user interface elements that must interact to illuminate possible sensitive data flows. In addition, dynamic analysis is used to capture inter-application communications to link partial sensitive data flows from static analysis. This approach is faster than using only dynamic analysis. In this study, we use hooking technology to conduct dynamic analysis phase emulator modification. The experimental results show that the proposed system can detect most sensitive data leakages for both our dataset and real-world applications.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3

References

  1. 1.

    Android.com: Application fundamentals. https://developer.android.com/guide/components/fundamentals.html

  2. 2.

    Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Not. 49, 259–269 (2014)

    Article  Google Scholar 

  3. 3.

    Azim, T., Neamtiu, I.: Targeted and depth-first exploration for systematic testing of android apps. SIGPLAN Not. 48(10), 641–660 (2013)

    Article  Google Scholar 

  4. 4.

    Bagheri, H., Sadeghi, A., Garcia, J., Malek, S.: Covert: compositional analysis of android inter-app permission leakage. IEEE Trans. Softw. Eng. 41, 866–886 (2015)

    Article  Google Scholar 

  5. 5.

    Bla, X., Sing, T., Batyuk, L., Schmidt, A.D., Camtepe, S.A., Albayrak, S.: An android application sandbox system for suspicious software detection. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 55–62 (2010)

  6. 6.

    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (2011)

  7. 7.

    Cam, N.T., Hau, P., Nguyen, T.: Android Security Analysis Based on Inter-application Relationships. Springer, Singapore (2016)

    Book  Google Scholar 

  8. 8.

    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (2011)

  9. 9.

    A.S.Developer: Ui/application exerciser monkey. http://developer.android.com/tools/help/monkey.html (2016)

  10. 10.

    A.T.Developer: Apktool. https://github.com/iBotPeaches/Apktool (2015)

  11. 11.

    E.Developers: Emma: a free java code coverage tool. http://emma.sourceforge.net/ (2017)

  12. 12.

    Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: Madam: a multi-level anomaly detector for android malware. In: International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security (2012)

  13. 13.

    Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32, 5 (2010)

    Google Scholar 

  14. 14.

    Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)

  15. 15.

    Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: automated security certification of android. Technical report, University of Maryland (2009)

  16. 16.

    Huang, C.Y., Tsai, Y.T., Hsu, C.H.: Performance Evaluation on Permission-Based Detection for Android Malware, Smart Innovation, Systems and Technologies. Book Section 12, vol. 21. Springer, Berlin (2013)

    Google Scholar 

  17. 17.

    IDC: Smartphone OS market share, 2016 q3. http://www.idc.com/promo/smartphone-market-share/os (2016)

  18. 18.

    Jung, T.: Quickcheck for java. https://bitbucket.org/blob79/quickcheck

  19. 19.

    Klieber, W., Flynn, L., Bhosale, A., Jia, L., Bauer, L.: Android taint flow analysis for app sets. In: Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis (2014)

  20. 20.

    Lantz: Droidbox. https://code.google.com/p/droidbox/ (2015)

  21. 21.

    Li, L., Bartel, A., Bissyande, T.F., Klein, J., Traon, Y.: ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis, IFIP Advances in Information and Communication Technology. Book Section 34, vol. 455. Springer, Cham (2015)

    Google Scholar 

  22. 22.

    Li, L., Bartel, A., Bissyande, T., Klein, J., Traon, Y.L., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., McDaniel, P.: Iccta: Detecting inter-component privacy leaks in android apps. In: Proceedings of the 37th International Conference on Software Engineering (2015)

  23. 23.

    Machiry, A., Tahiliani, R., Naik, M.: Dynodroid: an input generation system for android apps. In: Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (2013)

  24. 24.

    Michael, S., Felix, F., Florian, E., Thomas, S., Johannes, H.: Mobile-sandbox: having a deeper look into android applications. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 1808–1815 (2013)

  25. 25.

    Milano, D.T.: Android view client. https://github.com/dtmilano/AndroidViewClient (2016)

  26. 26.

    Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Traon, Y.L.: Effective inter-component communication mapping in android with epicc: an essential step towards holistic security analysis. In: Proceedings of the 22nd USENIX Conference on Security (2013)

  27. 27.

    Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Using probabilistic generative models for ranking risks of android apps. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (2012)

  28. 28.

    Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid android: versatile protection for smartphones. In: Proceedings of the 26th Annual Computer Security Applications Conference (2010)

  29. 29.

    Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. http://www.internetsociety.org/doc/machine-learning-approach-classifying-and-categorizing-android-sources-and-sinks (2014)

  30. 30.

    Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Nieves, J., Bringas, P.G., Alvarez Maranon, G.: Mama: manifest analysis for malware detection in android. Cybern. Syst. 44(6–7), 469–488 (2013)

    Article  Google Scholar 

  31. 31.

    Sasnauskas, R., Regehr, J.: Intent fuzzer: crafting intents of death. In: Proceedings of the 2014 Joint International Workshop on Dynamic Analysis (WODA) and Software and System Performance Testing, Debugging, and Analytics (PERTEA) (2014)

  32. 32.

    Selendroid: Selendroid: selenium for android. http://selendroid.io (2016)

  33. 33.

    Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: ”Andromaly”: a behavioral malware detection framework for android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)

    Article  Google Scholar 

  34. 34.

    Shuang, L., Xiaojiang, D.: Permission-combination-based scheme for android mobile malware detection. In: 2014 IEEE International Conference on Communications (ICC), pp. 2301–2306 (2013)

  35. 35.

    SPRIDE, E.: Droidbench—benchmarks. http://sseblog.ec-spride.de/tools/droidbench/ (2016)

  36. 36.

    Symantec: 2015 internet security threat report, vol. 20, Web Page May. https://www.symantec.com/content/dam/symantec/docs/reports/istr-20-2015-en.pdf (2015)

  37. 37.

    Symantec: 2017 internet security threat report. Report, Symantec. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf (2017)

  38. 38.

    Veen, V.V.D.: Tracedroid—dynamic android app analysis. http://tracedroid.few.vu.nl/ (2014)

  39. 39.

    Xiong, P., Wang, X., Niu, W., Zhu, T., Li, G.: Android malware detection with contrasting permission patterns. Communications 11(8), 1–14 (2014)

    Google Scholar 

  40. 40.

    Xposed: Xposed framework. http://repo.xposed.info/ (2016)

  41. 41.

    Yan, L.K., Yin, H.: Droidscope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: USENIX Security Symposium (2012)

  42. 42.

    Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zou, W.: Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (2012)

Download references

Acknowledgements

This research is funded by Vietnam National University HoChiMinh City (VNU-HCM) under Grant No. B2016-26-01.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Nguyen Tan Cam.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Cam, N.T., Pham, VH. & Nguyen, T. Detecting sensitive data leakage via inter-applications on Android using a hybrid analysis technique. Cluster Comput 22, 1055–1064 (2019). https://doi.org/10.1007/s10586-017-1260-2

Download citation

Keywords

  • Android security
  • Hybrid analysis
  • Inter-application communication
  • Sensitive data leakage detection