Skip to main content

Enhancing the accuracy of static analysis for detecting sensitive data leakage in Android by using dynamic analysis

Abstract

One approach of Android security is the analysis for detecting potential information leaks. The current technical analyses (as static analysis, dynamic analysis, hybrid of static and dynamic analysis) only focus on action within a single application, while the coordinated action of several applications for the malicious purpose is becoming popular. This study proposes a hybrid approach that combines static and dynamic analysis to detect information leak as a result of the coordinated action of multiple applications. In this text, we call it inter-application malware. The analysis takes place in two stages. The first stage uses static analysis to indicate the chains of sensitive actions on multiple applications. The second stage validates whether the chain of sensitive actions indeed leaks user’s data by using the dynamic analysis. In fact, the applications in question are forced to execute after the chains of sensitive actions detected in the first stage. The sensitive actions are monitored and analyzed to determine which actions are the causes of information leakage. And we have implemented an analysis tool, named eDSDroid. We have evaluated our tool on the famous Toyapps test case. The test result shows the correctness and effectiveness of our tool.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

References

  1. 1.

    ApkTool. https://ibotpeaches.github.io/Apktool/

  2. 2.

    Sanz, B., Santos, I., Ugarte-Pedrero, X., Laorden, C., Nieves, J., Bringas, PG.: Instance-Based Anomaly Method for Android Malware Detection. In: SECRYPT, pp. 387–394. SciTe Press (2013)

  3. 3.

    Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R.: XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks. Technische Universitt Darmstadt Technical Report of Center for Advanced Security Research Darmstadt (2011)

  4. 4.

    CERT Division of the Software Engineering Institute (SEI), DidFail: Android Taint Flow Analysis. https://www.cert.org/secure-coding/tools/didfail.cfm

  5. 5.

    Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zou, W.: SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications, In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices (SPSM ’12), pp. 93–94 (2012)

  6. 6.

    Octeau, D., et al.: Effective inter-component communication mapping in Android with Epicc: an essential step towards hoslistic security analysis. USENIX Security (2013)

  7. 7.

    Bodden, E.: FlowDroid taint analysis, secure software engineering. In: European Center for Security and Privacy by Design. http://sseblog.ec-spride.de/tools/FlowDroid/

  8. 8.

    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, MobiSys, vol. 11, p. 239252 (2011)

  9. 9.

    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)

  10. 10.

    Tchakounte, F., Dayang, P.: System call analysis of malwares on android. Int. J. Sci. Technol. 2(9) (2013)

  11. 11.

    Fuchs, A.P., Chaudhuri, A., Foster, J.S.: ScanDroid: automated security certification of Android applications. Technical Report. University of Maryland (2009)

  12. 12.

    Paul, I.: F-Secure says 99 percent of new mobile malware targets Android, but don’t worry too much. http://www.greenbot.com/article/2148521/99-percent-of-new-mobile-malware-is-on-android-but-good-luck-catching-it.html. Accessed September 2 (2014)

  13. 13.

    Hoffmann, J., Neumann, S., Holz, T.: Mobile malware detection based on energy fingerprints—a dead end? In: 16th International Symposium, pp. 348–368. RAID (2013)

  14. 14.

    Graa, M., Cuppens-Boulahia, N., Cuppens, F., Cavalli, A.: Detecting control flow in smartphones: combining static and dynamic analyses. In: Proceedings of the 4th International Conference on Cyberspace Safety and Security (2013)

  15. 15.

    Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps, PLDI (2014)

  16. 16.

    Schmidt, A.-D., Bye, R., Schmidt, H.-G., Clausen, J., Kiraz, O., Yuksel, K.A., Camtepe, S.A., Albayrak, S.: Static analysis of executables for collaborative malware detection on android. In: Communications, 2009. ICC’09. IEEE International Conference, pp. 1, 5, 14–18 (2009)

  17. 17.

    Nair, S.K., Simpson, P.N.D., Crispo, B., Tanenbaum, A.S.: A virtual machine based information flow control system for policy enforcement. Electronic Notes Theor. Comput. Sci. 197, 316 (2008)

    Article  Google Scholar 

  18. 18.

    van der Veen, V., Rossow, C., Bos, H.: TraceDroid: a fast and complete android method tracer, hack in the box (HITB October 2013), Malaysia (2013)

  19. 19.

    Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI10, p. 16 (2010)

  20. 20.

    Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of Android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering ACM, pp. 576–587 (2014)

Download references

Acknowledgements

This research is funded by Vietnam National University HoChiMinh City (VNU-HCM) under Grant Number B2016-26-01.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Ly Hoang Tuan.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Tuan, L.H., Cam, N.T. & Pham, VH. Enhancing the accuracy of static analysis for detecting sensitive data leakage in Android by using dynamic analysis. Cluster Comput 22, 1079–1085 (2019). https://doi.org/10.1007/s10586-017-1364-8

Download citation

Keywords

  • Detecting inter-application information leak
  • Hybrid analysis
  • Data Flow analysis