Skip to main content
SpringerLink
Log in

Unraveling Reflection Induced Sensitive Leaks in Android Apps

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10694))

Included in the following conference series:

  • 1063 Accesses

Abstract

Reflection is a programming language feature that permits analysis and transformation of the behavior of classes used in programs in general, and in apps in particular at the runtime. Reflection facilitates various features such as dynamic class loading, method invocation, and attribute usage at runtime. These language features allow the development of apps that may obtain and exchange information that is unavailable at compile time. Unfortunately, malware authors leverage reflection to subvert the malware detection by static analyzers as reflection can hinder taint analysis used by static analyzers for analysis of sensitive leaks. Even the latest, and probably the best performing static analyzers are not able to detect information leaks in the malware via reflection. In this paper, we propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise detection of leaks in malicious apps via reflection with code obfuscation. The evaluation of EspyDroid on the benchmark, VirusShare, and Playstore apps shows substantial improvement in detection of sensitive leaks via reflection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/secure-software-engineering/DroidBench/tree/develop/apk/Reflection_ICC/OnlyTelephony_Reverse.apk.

  2. 2.

    https://github.com/secure-software-engineering/DroidBench/blob/develop/apk/Reflection_ICC/OnlyIntent.apk.

  3. 3.

    MD5-0fa1d7a9ef7011ca8976910b07347732.

  4. 4.

    We contacted authors for code. They mentioned that their legal department is working on a proper license for Harvester.

References

  1. https://docs.oracle.com/javase/tutorial/reflect/

  2. https://github.com/pjlantz/droidbox/tree/master/APIMonitor

  3. Androguard. https://github.com/androguard/androguard

  4. DroidBench. https://github.com/secure-software-engineering/DroidBench/tree/develop

  5. Intents and Intent Filters. https://developer.android.com/guide/components/intents-filters.html

  6. RobotiumTech/robotium. https://github.com/RobotiumTech

  7. VirusShare. https://virusshare.com/

  8. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014)

    Article  Google Scholar 

  9. Bodden, E., Sewe, A., Sinschek, J., Oueslati, H., Mezini, M.: Taming reflection: aiding static analysis in the presence of reflection and custom class loaders. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 241–250. ACM (2011)

    Google Scholar 

  10. Elish, K.O., Yao, D., Ryder, B.G.: On the need of precise inter-app icc classification for detecting android malware collusions. In: Proceedings of IEEE Mobile Security Technologies (MoST), in Conjunction with the IEEE Symposium on Security and Privacy (2015)

    Google Scholar 

  11. Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576–587. ACM (2014)

    Google Scholar 

  12. Gajrani, J., Li, L., Laxmi, V., Tripathi, M., Gaur, M.S., Conti, M.: Poster: detection of information leaks via reflection in android apps. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 911–913. ACM (2017)

    Google Scholar 

  13. Gajrani, J., Tripathi, M., Laxmi, V., Gaur, M., Conti, M., Rajarajan, M.: Spectra: a precise framework for analyzing cryptographic vulnerabilities in android apps. In: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp. 854–860. IEEE (2017)

    Google Scholar 

  14. Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of android applications in droidsafe. In: NDSS. Citeseer (2015)

    Google Scholar 

  15. Lam, P., Bodden, E., Lhoták, O., Hendren, L.: The soot framework for java program analysis: a retrospective. In: Cetus Users and Compiler Infastructure Workshop (CETUS 2011), vol. 15, p. 35 (2011)

    Google Scholar 

  16. Li, L., Bartel, A., Bissyande, T.F., Klein, J., Le Traon, Y., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., McDaniel, P.: IccTA: Detecting inter-component privacy leaks in android apps. In: Proceedings of the 37th International Conference on Software Engineering, vol. 1, pp. 280–291. IEEE Press (2015)

    Google Scholar 

  17. Li, L., Bissyandé, T.F., Octeau, D., Klein, J.: Droidra: taming reflection to support whole-program analysis of android apps. In: Proceedings of the 25th International Symposium on Software Testing and Analysis, pp. 318–329. ACM (2016)

    Google Scholar 

  18. Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Van Der Veen, V., Platzer, C.: Andrubis-1,000,000 apps later: a view on current android malware behaviors. In: 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 3–17. IEEE (2014)

    Google Scholar 

  19. Octeau, D., Luchaup, D., Jha, S., McDaniel, P.: Composite constant propagation and its application to android program analysis. IEEE Trans. Softw. Eng. 42(11), 999–1014 (2016)

    Article  Google Scholar 

  20. Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Le Traon, Y.: Effective inter-component communication mapping in android: an essential step towards holistic security analysis. In: Presented as part of the 22nd USENIX Security Symposium (USENIX Security 2013), pp. 543–558 (2013)

    Google Scholar 

  21. Rasthofer, S., Arzt, S., Miltenberger, M., Bodden, E.: Harvesting runtime values in android applications that feature anti-analysis techniques. In: Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS) (2016)

    Google Scholar 

  22. Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 49–61. ACM (1995)

    Google Scholar 

  23. Rocha, B.P., Conti, M., Etalle, S., Crispo, B.: Hybrid static-runtime information flow and declassification enforcement. IEEE Trans. Inf. Forensics Secur. 8(8), 1294–1305 (2013)

    Article  Google Scholar 

  24. Rubinov, K., Rosculete, L., Mitra, T., Roychoudhury, A.: Automated partitioning of android applications for trusted execution environments. In: Proceedings of the 38th International Conference on Software Engineering, pp. 923–934. ACM (2016)

    Google Scholar 

  25. Wei, F., Roy, S., Ou, X., et al.: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1329–1341. ACM (2014)

    Google Scholar 

  26. Wong, M.Y., Lie, D.: Intellidroid: a targeted input generator for the dynamic analysis of android malware. In: Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS) (2016)

    Google Scholar 

  27. Zhang, M., Duan, Y., Feng, Q., Yin, H.: Towards automatic generation of security-centric descriptions for android apps. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 518–529. ACM (2015)

    Google Scholar 

  28. Zhang, Y., Tan, T., Li, Y., Xue, J.: Ripple: reflection analysis for android apps in incomplete information environments. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 281–288. ACM (2017)

    Google Scholar 

  29. Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., Massacci, F.: Stadyna: addressing the problem of dynamic code updates in the security analysis of android applications. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 37–48. ACM (2015)

    Google Scholar 

Download references

Acknowledgments

This work is partially supported by Security Analysis Framework for Android Platform (SAFAL, Grant 1000109932) by Department of Electronics and Information Technology, Government of India. The work is also partially supported by CEFIPRA project. Mauro Conti is supported by EU TagItSmart! Project (agreement H2020-ICT30-2015-688061) and IT-CNR/Taiwan-MOST 2016-17 “Verifiable Data Structure Streaming”.

Author information

Authors and Affiliations

  1. MNIT, Jaipur, India

    Jyoti Gajrani, Vijay Laxmi, Meenakshi Tripathi & Manoj S. Gaur

  2. GEC Ajmer, Ajmer, India

    Daya Ram Sharma

  3. LaBRI, Bordeaux INP, CNRS, University of Bordeaux, Bordeaux, France

    Akka Zemmari & Mohamed Mosbah

  4. University of Padua, Padua, Italy

    Mauro Conti

Authors
  1. Jyoti Gajrani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vijay Laxmi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Meenakshi Tripathi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Manoj S. Gaur
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Daya Ram Sharma
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Akka Zemmari
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Mohamed Mosbah
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Mauro Conti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jyoti Gajrani .

Editor information

Editors and Affiliations

  1. IMT Atlantique, Cesson Sévigné, France

    Nora Cuppens

  2. IMT Atlantique, Cesson Sévigné, France

    Frédéric Cuppens

  3. LHS Rennes, Rennes, France

    Jean-Louis Lanet

  4. Inria, Rennes, France

    Axel Legay

  5. Télécom SudParis, Evry Cedex, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gajrani, J. et al. (2018). Unraveling Reflection Induced Sensitive Leaks in Android Apps. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science(), vol 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-76687-4_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76686-7

  • Online ISBN: 978-3-319-76687-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation