AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph
Dynamic analyzing techniques play an important and unique role in detecting Android malware and vulnerabilities, as they can provide higher precision than static methods. However, they are inherently incomplete and inefficiency. We attack this problem by proposing a novel method, i.e., concolic walking along the event-dependency graph. We implement AppWalker based on it. Evaluation over a real-life app set shows that better efficiency and accuracy than state-of-the-art concolic analysis tools are achieved.
KeywordsDynamic analysis Android application Concolic execution Efficiency Accuracy
The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped to improve the quality of this paper. This work was supported by the National Natural Science Foundation of China under Grants Nos. 61170286, 61202486.
- 2.Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). IEEE Symp. Secur. Priv. 7, 317–331 (2010)Google Scholar
- 3.Anand, S., Naik, M., Harrold, M.J.: Automated concolic testing of smartphone apps. In: International Symposium on the Foundations of Software Engineering, pp. 1–11 (2012)Google Scholar
- 4.Yang, Z., Yang, M., Zhang, Y.: AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In: ACM Sigsac Conference on Computer & Communications Security, pp. 1043–1054 (2013)Google Scholar
- 5.Dinges, P., Agha, G.: Solving complex path conditions through heuristic search on induced polytopes. In: ACM Sigsoft International Symposium, pp. 425–436 (2014)Google Scholar
- 6.Schutte, J., Fedler, R., Titze, D.: ConDroid: targeted dynamic analysis of android applications. In: IEEE Conference on Advanced Information Networking and Applications, pp. 571–578 (2015)Google Scholar
- 7.Wong, M.Y.Y.: Targeted dynamic analysis for android malware. Dissertations & Theses Gradworks (2015)Google Scholar
- 11.Svajcer, V.: Sophos mobile security threat report. http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.pdf
- 12.Ali: mobile vulnerability annual report (2015). http://jaq.alibaba.com/community/index
- 13.Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX Conference on Operating Systems Design and Implementation, pp. 1–6 (2010)Google Scholar
- 14.Shauvik, R.C., Alessandra, G., Alessandro, O.: Automated test input generation for android: are we there yet? In: International Conference on Automated Software Engineering, pp. 44–52 (2015)Google Scholar