research-article

FastDroid: efficient taint analysis for Android applications

Authors:

Jie Zhang,

Cong Tian,

Zhenhua DuanAuthors Info & Claims

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

Pages 236 - 237

https://doi.org/10.1109/ICSE-Companion.2019.00092

Published: 25 May 2019 Publication History

Get Access

Abstract

In recent years, sensitive data leaks of Android system attracted significant attention. The traditional tools for detecting leaks usually focus on the precision and recall with few of them addressing the importance of the efficiency. The high costs of these tools often make them fail in analyzing apps in large scale and thus block them from wide usage in practice. In this paper, we propose FastDroid, an efficient and precise tool for detecting sensitive data leaks in Android apps. First, a flow-insensitive taint analysis is conducted to construct the taint value graph (TVG) which is defined to describe the process of taint propagation. Then, potential taint flows (PTFs) are extracted from TVG. Finally, the PTFs are checked on the control flow graph (CFG) to acquire the real taint flows. FastDroid is evaluated on three test suites. The results show that FastDroid maintains a high precision and recall; meanwhile it improves the efficiency significantly.

References

[1]

S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. L. Traon, D. Octeau, and P. D. Mcdaniel, "Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps," Programming Language Design and Implementation, vol. 49, no. 6, pp. 259--269, 2014.

Digital Library

Google Scholar

[2]

Y. Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution," IEEE Symposium on Security and Privacy, pp. 95--109, 2012.

Digital Library

Google Scholar

Cited By

View all

Fan MShi JWang YYu LZhang XWang HJin WLiu TFilkov VRay BZhou M(2024)Giving without Notifying: Assessing Compliance of Data Transmission in Android AppsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695528(1595-1606)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695528
Wang CKo RZhang YYang YLin ZGrundy JPollock LPenta M(2023)TaintMini: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint AnalysisProceedings of the 45th International Conference on Software Engineering10.1109/ICSE48619.2023.00086(932-944)Online publication date: 14-May-2023
https://dl.acm.org/doi/10.1109/ICSE48619.2023.00086
Moussaileb RCuppens NLanet JBouder H(2021)A Survey on Windows-based Ransomware Taxonomy and Detection MechanismsACM Computing Surveys10.1145/345315354:6(1-36)Online publication date: 13-Jul-2021
https://dl.acm.org/doi/10.1145/3453153
Show More Cited By

Recommendations

Scalable and precise taint analysis for Android
ISSTA 2015: Proceedings of the 2015 International Symposium on Software Testing and Analysis

We propose a type-based taint analysis for Android. Concretely, we present DFlow, a context-sensitive information flow type system, and DroidInfer, the corresponding type inference analysis for detecting privacy leaks in Android apps. We present novel ...
An efficient approach for taint analysis of android applications
Abstract
In recent years, sensitive data leaks of Android system attracted significant attention. The traditional facilities proposed for detecting these leaks, i.e. taint analysis, mostly focus on the precision and recall of the result with ...
TAJ: effective taint analysis of web applications
PLDI '09

Taint analysis, a form of information-flow analysis, establishes whether values from untrusted methods and parameters may flow into security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications, and so has ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

May 2019

369 pages

Conference Chair:
Gunter Mussbacher
McGill University, Canada
,
General Chair:
Joanne M. Atlee
University of Waterloo, Canada
,
Program Chair:
Tevfik Bultan
University of California, Santa Barbara

Publisher

IEEE Press

Publication History

Published: 25 May 2019

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '19

Sponsor:

SIGSOFT
IEEE-CS

ICSE '19: 41st International Conference on Software Engineering

May 25 - 31, 2019

Quebec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
70
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Fan MShi JWang YYu LZhang XWang HJin WLiu TFilkov VRay BZhou M(2024)Giving without Notifying: Assessing Compliance of Data Transmission in Android AppsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695528(1595-1606)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695528
Wang CKo RZhang YYang YLin ZGrundy JPollock LPenta M(2023)TaintMini: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint AnalysisProceedings of the 45th International Conference on Software Engineering10.1109/ICSE48619.2023.00086(932-944)Online publication date: 14-May-2023
https://dl.acm.org/doi/10.1109/ICSE48619.2023.00086
Moussaileb RCuppens NLanet JBouder H(2021)A Survey on Windows-based Ransomware Taxonomy and Detection MechanismsACM Computing Surveys10.1145/345315354:6(1-36)Online publication date: 13-Jul-2021
https://dl.acm.org/doi/10.1145/3453153
Zhang JTian CDuan Z(2021)An efficient approach for taint analysis of android applicationsComputers and Security10.1016/j.cose.2020.102161104:COnline publication date: 1-May-2021
https://dl.acm.org/doi/10.1016/j.cose.2020.102161

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Scalable and precise taint analysis for Android

An efficient approach for taint analysis of android applications

TAJ: effective taint analysis of web applications