Flair: efficient analysis of Android inter-component vulnerabilities in response to incremental changes

Abstract

Inter-component communication (ICC) among Android apps is shown to be the source of many security vulnerabilities. Prior research has developed compositional analyses to detect the existence of ICC vulnerabilities in a set of installed apps. However, they all lack the ability to efficiently respond to incremental system changes—such as adding/removing apps. Every time the system changes, the entire analysis has to be repeated, making them too expensive for practical use, given the frequency with which apps are updated, installed, and removed on a typical Android device. This paper presents a novel technique, dubbed FLAIR, for efficient, yet formally precise, security analysis of Android apps in response to incremental system changes. Leveraging the fact that the changes are likely to impact only a small fraction of the prior analysis results, FLAIR recomputes the analysis only where required, thereby greatly improving analysis performance without sacrificing the soundness and completeness thereof. Our experimental results using numerous collections of real-world apps corroborate that FLAIR can provide an order of magnitude speedup over prior techniques.

Acknowledgements

We thank Alireza Sadeghi for his help with the COVERT framework and helpful feedback on an early draft of the paper. This work was supported in part by an NSF EPSCoR FIRST award, and awards CCF-1618132, CCF-1755890, and CNS-1823262 from the National Science Foundation.

Author information

Corresponding author

Correspondence to Hamid Bagheri.

Additional information

This article belongs to the Topical Collection: Software Maintenance and Evolution (ICSME)

Communicated by: David Lo and Foutse Khomh

About this article

Cite this article

Bagheri, H., Wang, J., Aerts, J. et al. Flair: efficient analysis of Android inter-component vulnerabilities in response to incremental changes. Empir Software Eng 26, 54 (2021). https://doi.org/10.1007/s10664-020-09932-6

Keywords

  • Android analysis
  • Evolving software
  • Relational logic