Abstract
With the rapid growth of the mobile Internet and the Android app market, Android security issues have become increasingly prominent. Sensitive paths are the main way information is disclosed in Android apps, and they have become an important part of Android security research. Static analysis alone cannot verify whether a sensitive path is actually triggered in practice. To address this problem, this paper proposes ADS-SA, a system based on static analysis that automatically detects sensitive paths. The system first constructs an Android component conversion diagram through data flow analysis, and then obtains an Android function call graph through control flow analysis. Next, a sensitive path backtracking algorithm is designed and used to obtain the sensitive path set. Finally, the automated testing framework Appium is used to trigger the paths in the sensitive path set and verify their authenticity. The test results show that ADS-SA can automatically detect more than 87% of sensitive paths at a low time cost with high reliability and effectiveness.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Song, H., Lin, D., Zhu, S., Wang, W., Zhang, S. (2019). ADS-SA: System for Automatically Detecting Sensitive Path of Android Applications Based on Static Analysis. In: Wang, G., El Saddik, A., Lai, X., Martinez Perez, G., Choo, KK. (eds) Smart City and Informatization. iSCI 2019. Communications in Computer and Information Science, vol 1122. Springer, Singapore. https://doi.org/10.1007/978-981-15-1301-5_25
DOI: https://doi.org/10.1007/978-981-15-1301-5_25
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1300-8
Online ISBN: 978-981-15-1301-5
eBook Packages: Computer Science, Computer Science (R0)