TU Darmstadt / ULB / TUbiblio

I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis

Li, Li and Bartel, Alexandre and Klein, Jacques and Traon, Yves Le and Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric and Octeau, Damien and McDaniel, Patrick (2014):
I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis.
[Online-Edition: http://www.abartel.net/static/p/tr-iccta.pdf],
[Report]

Abstract

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks.

Item Type: Report
Erschienen: 2014
Creators: Li, Li and Bartel, Alexandre and Klein, Jacques and Traon, Yves Le and Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric and Octeau, Damien and McDaniel, Patrick
Title: I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
Language: English
Abstract:

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks.

Journal or Publication Title: arXiv preprint arXiv:1404.7431
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > EC SPRIDE
20 Department of Computer Science > EC SPRIDE > Secure Software Engineering
Zentrale Einrichtungen
LOEWE
20 Department of Computer Science
LOEWE > LOEWE-Zentren
Date Deposited: 24 Nov 2014 14:18
Official URL: http://www.abartel.net/static/p/tr-iccta.pdf
Identification Number: ISBN 978-2-87971-129-4
Export:

Optionen (nur für Redakteure)

View Item View Item