
APPLADroid: Automaton Based Inter-app Privacy Leak Analysis for Android

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 939)

Abstract

“Aqua Mail” is a Google Play Store app with millions of downloads. It allows the user to manage the mail of a Google account. For caching purposes, it stores the mails in a content provider protected with a custom permission rather than the Android-defined permission for accessing mail (MANAGE_ACCOUNTS). Another app named “Enhanced SMS and call” can access the mails directly by obtaining the permission to read Aqua Mail's custom content provider. Google is not aware that any other app is accessing the mails. Detecting such flows requires a precise inter-app analysis that identifies leakage from a source in one app to a sink in another app.

In this paper, we present an extension of a static analysis technique named SniffDroid to detect inter-app privacy leaks in Android. Our technique models Android apps and Android permissions as automata and uses the intersection property of automata to detect privacy leakage. To assess the performance of the proposed approach, we analyzed DroidBench samples, self-made apps and Google Play Store apps. We created novel samples of leakage through a chain of apps and analyzed them using existing open-source state-of-the-art approaches. We found that none of them could detect the leakage paths. The proposed approach detects the inter-app privacy leakage with 100% accuracy.
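A minimal sketch of the automaton-intersection idea, added here as an illustration and not taken from the paper: the app set and the leak pattern are each an NFA, and any word accepted by their product is a leak path through a chain of apps. The app names, channel names, event labels and the simplified model (permissions are not modelled) are assumptions.

```python
from collections import deque

# Constructed sample: (from_location, event, to_location) says how one app
# moves data. App names, channels and event labels are hypothetical.
FLOWS = [
    ("start", "App1:source(CONTACTS)", "App1"),
    ("App1", "App1:send(intent:share)", "intent:share"),
    ("intent:share", "App2:recv(intent:share)", "App2"),
    ("App2", "App2:write(prefs:cache)", "prefs:cache"),
    ("prefs:cache", "App3:read(prefs:cache)", "App3"),
    ("App3", "App3:sink(INTERNET)", "out"),
    ("start", "App4:source(LOCATION)", "App4"),
    ("App4", "App4:sink(LOG)", "out"),  # same-app flow, not an inter-app leak
]

def system_step(flows, state, event):
    """NFA of the app set: states are the places the data can currently be."""
    return {dst for src, ev, dst in flows if src == state and ev == event}

def policy_step(state, event):
    """NFA of the leak pattern: a source in one app, later a sink in another."""
    app, action = event.split(":", 1)
    if state == "q0":
        return {("tainted", app)} if action.startswith("source(") else set()
    if state == "leak":
        return set()
    origin = state[1]                 # app that originally read the source
    if action.startswith("sink("):
        return {"leak"} if app != origin else set()
    return {state}                    # ICC hops keep the taint and its origin

def find_leaks(flows):
    """Explore the product automaton; each accepted word is a leak path."""
    alphabet = sorted({ev for _, ev, _ in flows})
    queue = deque([("start", "q0", ())])
    seen, leaks = {("start", "q0")}, []
    while queue:
        s, p, word = queue.popleft()
        for ev in alphabet:
            for s2 in system_step(flows, s, ev):
                for p2 in policy_step(p, ev):
                    if p2 == "leak" and s2 == "out":
                        leaks.append(word + (ev,))
                    elif (s2, p2) not in seen:
                        seen.add((s2, p2))
                        queue.append((s2, p2, word + (ev,)))
    return leaks
```

An empty result means the intersection of the two languages is empty, that is, no event sequence of the app set matches the leak pattern.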


Notes

  1. In the paper, ICC mediums refer to intents, content providers and shared preferences.

  2. Automaton refers to NFA in the paper.



Corresponding author

Correspondence to Vineeta Jain.


Copyright information

© 2019 Springer Nature Singapore Pte Ltd.


Cite this paper

Jain, V., Laxmi, V., Gaur, M.S., Mosbah, M. (2019). APPLADroid: Automaton Based Inter-app Privacy Leak Analysis for Android. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_16


  • DOI: https://doi.org/10.1007/978-981-13-7561-3_16


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7560-6

  • Online ISBN: 978-981-13-7561-3

  • eBook Packages: Computer Science (R0)
