Table of Content

Open Access iconOpen Access

ARTICLE

Detecting Android Inter-App Data Leakage Via Compositional Concolic Walking

Tianjun Wu, Yuexiang Yang

College of Computer, National University of Defense Technology, Changsha 410073, China

* Corresponding Author: Tianjun Wu, email

Intelligent Automation & Soft Computing 2019, 25(4), 755-766. https://doi.org/10.31209/2019.100000079

Abstract

While many research efforts have been around auditing individual android apps, the security issues related to the interaction among multiple apps are less studied. Due to the hidden nature of Inter-App communications, few existing security tools are able to detect such related vulnerable behaviors. This paper proposes to perform overall security auditing using dynamic analysis techniques. We focus on data leakage as it is one of the most common vulnerabilities for Android applications. We present an app auditing system AppWalker, which uses concolic execution on a set of apps. We use static Inter-App taint analysis to guide the dynamic auditing procedure, so that we can target at potential InterApp data leakage. To mitigate the exponential blow-up when auditing various combinations of apps, we introduce a novel technique called compositional concolic walking. In the end of the auditing, the event and data inputs created during concolic walking are fed to the app set. By dynamically checking the triggered data-leaking behavior, we are then able to confirm the existence of Inter-App data leakage. AppWalker takes into account both intra- and inter-app communications, and is the first research work on dynamic audit of inter-app vulnerabilities in a path-sensitive way to our knowledge. Experimental results reveal that our method can effectively detect real-world Inter-App data leakage.

Keywords


Cite This Article

APA Style
Wu, T., Yang, Y. (2019). Detecting android inter-app data leakage via compositional concolic walking. Intelligent Automation & Soft Computing, 25(4), 755-766. https://doi.org/10.31209/2019.100000079
Vancouver Style
Wu T, Yang Y. Detecting android inter-app data leakage via compositional concolic walking. Intell Automat Soft Comput . 2019;25(4):755-766 https://doi.org/10.31209/2019.100000079
IEEE Style
T. Wu and Y. Yang, “Detecting Android Inter-App Data Leakage Via Compositional Concolic Walking,” Intell. Automat. Soft Comput. , vol. 25, no. 4, pp. 755-766, 2019. https://doi.org/10.31209/2019.100000079



cc Copyright © 2019 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1494

    View

  • 1471

    Download

  • 0

    Like

Share Link