DroidRista: a highly precise static data flow analysis framework for android applications

DroidRista: a highly precise static data flow analysis framework for android applications

The Android operating system dominates the smartphone market. Thus, to service the market, the number of Android applications has risen dramatically. These applications are processing a great amount of sensitive data, which could result in various concerns including data leakage and privacy violatio...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information security Vol. 19; no. 5; pp. 523 - 536
Main Authors: Alzaidi, Areej, Alshehri, Suhair, Buhari, Seyed M.
Format: Journal Article
Language:English
Published: Berlin/Heidelberg Springer Berlin Heidelberg 01-10-2020
Springer Nature B.V
Subjects:
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Data analysis
Data flow analysis
Data integrity
Electronic devices
False alarms
Leakage
Management of Computing and Information Systems
Markets
Mobile operating systems
Networks
Operating Systems
Performance evaluation
Privacy
Reflection
Regular Contribution
Smartphones
Data leakage
Privacy
Android applications
Static data flow analysis
Reflection
Implicit flow
Mobile applications
ICC (inter-component communication)
Android
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Android operating system dominates the smartphone market. Thus, to service the market, the number of Android applications has risen dramatically. These applications are processing a great amount of sensitive data, which could result in various concerns including data leakage and privacy violations. For example, applications may misuse the sensitive data stored on Android devices and violate the privacy of the user. Therefore, it is essential to maintain user privacy and protect sensitive data from leakage. Static data flow analysis approaches are used for analyzing Android applications to uncover security and privacy issues. However, these approaches frequently generate false alarms, given the different challenges created by Android applications, such as inter-component communication (ICC), reflection, and implicit flow. This work presents the DroidRista approach for conducting static data flow analysis on Android applications to detect sensitive data leakage. DroidRista analyzes ICC, reflection, and implicit flow in Android applications. To evaluate the performance of DroidRista, it was tested on three data sets. The results demonstrate improved performance in terms of detecting data leakage compared to existing static data flow analysis approaches.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-019-00471-w