[en] The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems related to inter- component communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we ex- plicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.
Research center :
SnT
Disciplines :
Computer science
Author, co-author :
Li, Li ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Bartel, Alexandre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Klein, Jacques ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Le Traon, Yves ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Detecting privacy leaks in Android Apps
Publication date :
26 February 2014
Number of pages :
6
Event name :
International Symposium on Engineering Secure Software and Systems - Doctoral Symposium
