Authors:
Luis Menezes and Roland Wismüller
Affiliation:
Institute of Computer Science and Universität Siegen, Germany
Keyword(s):
Static Analysis, Dynamic Analysis, Hybrid Analysis, Slicing, Android, Privacy, Information-flow.
Related Ontology Subjects/Areas/Topics:
Data and Application Security and Privacy; Data Protection; Information and Systems Security; Personal Data Protection for Information Systems; Privacy; Privacy Enhancing Technologies; Security and Privacy in Mobile Systems
Abstract:
With the increasing amount of private information stored on mobile devices, the need for more secure ways to detect, control and avoid malicious behaviors has grown. The overly coarse-grained permission system implemented in the Android platform does not cover problems regarding the flow of the data acquired by the apps. In order to enhance detection, awareness and avoidance of such unwanted information flows, we propose a hybrid information flow analysis that mixes the benefits of static and dynamic analysis, using slicing and instrumentation. Our results indicate precise detection and only a small overhead while running the application. We validated our method by creating a tool called FLOWSLICER and using the category AndroidSpecific from the DROIDBENCH repository of applications with known information leaks.