Abstract
Reflection is a programming language feature that permits analysis and transformation of the behavior of classes at runtime, in programs in general and in apps in particular. Reflection facilitates features such as dynamic class loading, method invocation, and attribute usage at runtime. These language features allow the development of apps that can obtain and exchange information that is unavailable at compile time. Unfortunately, malware authors leverage reflection to subvert malware detection by static analyzers, because reflection can hinder the taint analysis that static analyzers use to detect sensitive leaks. Even the latest, and probably the best-performing, static analyzers are not able to detect information leaks in malware via reflection. In this paper, we propose EspyDroid, a system that combines dynamic analysis with code instrumentation for more precise detection of leaks in malicious apps via reflection with code obfuscation. The evaluation of EspyDroid on the benchmark, VirusShare, and Playstore apps shows substantial improvement in detection of sensitive leaks via reflection.
Notes
- 1.
- 2.
- 3. MD5-0fa1d7a9ef7011ca8976910b07347732.
- 4. We contacted authors for code. They mentioned that their legal department is working on a proper license for Harvester.
Acknowledgments
This work is partially supported by Security Analysis Framework for Android Platform (SAFAL, Grant 1000109932) by Department of Electronics and Information Technology, Government of India. The work is also partially supported by CEFIPRA project. Mauro Conti is supported by EU TagItSmart! Project (agreement H2020-ICT30-2015-688061) and IT-CNR/Taiwan-MOST 2016-17 “Verifiable Data Structure Streaming”.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Gajrani, J. et al. (2018). Unraveling Reflection Induced Sensitive Leaks in Android Apps. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science, vol 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_4
DOI: https://doi.org/10.1007/978-3-319-76687-4_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76686-7
Online ISBN: 978-3-319-76687-4
eBook Packages: Computer Science, Computer Science (R0)