ABSTRACT
Dynamic taint analysis, a program analysis technique that checks whether information flows between particular source and sink locations in the program, has numerous applications in security, program comprehension, and software testing. Specifically, in mobile software, taint analysis is often used to determine whether mobile apps contain stealthy behaviors that leak user-sensitive information to unauthorized third-party servers. While a number of dynamic taint analysis techniques for Android software have been recently proposed, none of them is able to report the complete information propagation path; they report only flow endpoints, i.e., the sources and sinks of the detected information flows. This design optimizes for runtime performance and allows the techniques to run efficiently on a mobile device. Yet, it impedes the applicability and usefulness of the techniques: an analyst using the tool would need to manually identify information propagation paths, e.g., to determine whether information was properly handled before being released, which is a challenging task in large real-world applications.
In this paper, we address this problem by proposing a dynamic taint analysis technique that reports accurate taint propagation paths. We implement it in a tool, ViaLin, and evaluate it on a set of existing benchmark applications and on 16 large Android applications from the Google Play store. Our evaluation shows that ViaLin accurately detects taint flow paths while running on a mobile device with a reasonable time and memory overhead.
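To make the difference between endpoint-only and path-aware reporting concrete, here is an added example; it is not from the paper and is not ViaLin's implementation. It replays a constructed execution trace in which the same source reaches the same sink twice, once through a hashing call and once unmodified; every name in it (`getDeviceId`, `sha256`, `sendHttp`, the file:line locations) is an assumption made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "source sink path")

# Constructed execution trace: (location, op, dest, args). Every name here
# (getDeviceId, sha256, sendHttp, file:line locations) is illustrative.
TRACE = [
    ("A.java:10", "source", "imei", ["getDeviceId"]),
    ("A.java:11", "assign", "tmp", ["imei"]),
    ("A.java:12", "const", "greeting", []),
    ("B.java:30", "call:sha256", "digest", ["tmp"]),
    ("C.java:7", "sink:sendHttp", None, ["digest"]),
    ("C.java:8", "sink:sendHttp", None, ["tmp"]),
    ("C.java:9", "sink:sendHttp", None, ["greeting"]),
]

def track(trace):
    """Replay the trace, carrying (source, path) labels with each variable."""
    taint, flows = {}, []          # var -> list of (source, path-so-far)
    for loc, op, dest, args in trace:
        step = (loc, op)
        if op == "source":
            taint[dest] = [(args[0], (step,))]
        elif op.startswith("sink:"):
            for var in args:
                for src, path in taint.get(var, []):
                    flows.append(Flow(src, op[5:], path + (step,)))
        else:
            # assign/call/const: dest inherits every label of its operands;
            # with no tainted operand, dest is overwritten as clean.
            labels = [(s, p + (step,)) for v in args for s, p in taint.get(v, [])]
            if labels:
                taint[dest] = labels
            else:
                taint.pop(dest, None)
    return flows

def endpoints(flows):
    """What an endpoint-only tool reports: source/sink pairs, no path."""
    return sorted({(f.source, f.sink) for f in flows})

def passes_through(flow, callee):
    """Path-aware check: did the data go through `callee` before the sink?"""
    return any(op == "call:" + callee for _, op in flow.path)

FLOWS = track(TRACE)
```

Both flows collapse to the single endpoint pair `("getDeviceId", "sendHttp")`, while the recorded paths show that only the first one went through `sha256` before release.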
Index Terms
- ViaLin: Path-Aware Dynamic Taint Analysis for Android