Open Access
ARTICLE
Detecting Android Inter-App Data Leakage Via Compositional Concolic Walking
Tianjun Wu, Yuexiang Yang
College of Computer, National University of Defense Technology, Changsha 410073, China
* Corresponding Author: Tianjun Wu,
Intelligent Automation & Soft Computing 2019, 25(4), 755-766. https://doi.org/10.31209/2019.100000079
Abstract
While many research efforts have focused on auditing individual Android apps,
the security issues related to the interaction among multiple apps are less
studied. Due to the hidden nature of Inter-App communications, few existing
security tools are able to detect such related vulnerable behaviors. This paper
proposes to perform overall security auditing using dynamic analysis techniques.
We focus on data leakage as it is one of the most common vulnerabilities for
Android applications. We present an app auditing system AppWalker, which uses
concolic execution on a set of apps. We use static Inter-App taint analysis to
guide the dynamic auditing procedure, so that we can target potential Inter-App data leakage. To mitigate the exponential blow-up when auditing various
combinations of apps, we introduce a novel technique called compositional
concolic walking. At the end of the auditing, the event and data inputs created
during concolic walking are fed to the app set. By dynamically checking the
triggered data-leaking behavior, we are then able to confirm the existence of
Inter-App data leakage. AppWalker takes into account both intra- and inter-app
communications and is, to our knowledge, the first research work to dynamically audit
inter-app vulnerabilities in a path-sensitive way. Experimental results
reveal that our method can effectively detect real-world Inter-App data leakage.
Cite This Article
T. Wu and Y. Yang, "Detecting Android inter-app data leakage via compositional concolic walking,"
Intelligent Automation & Soft Computing, vol. 25, no. 4, pp. 755–766, 2019. https://doi.org/10.31209/2019.100000079