DOI: 10.1145/2851613.2851784

Towards a generic framework for automating extensive analysis of Android applications

Published: 04 April 2016

Abstract

Despite much effort in the community, the momentum of Android research has not yet produced complete tools to perform thorough analysis on Android apps, leaving users vulnerable to malicious apps. Because it is hard for a single tool to efficiently address all of the various challenges of Android programming that make analysis difficult, we propose to instrument the app code to reduce the analysis complexity, e.g., transforming a hard problem into an easily resolvable one. To this end, we introduce in this paper Apkpler, a plugin-based framework for supporting such instrumentation. We evaluate Apkpler with two plugins, demonstrating the feasibility of our approach and showing that Apkpler can indeed be leveraged to reduce the analysis complexity of Android apps.

    Published In

    SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing
    April 2016
    2360 pages
    ISBN:9781450337397
    DOI:10.1145/2851613
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Android
    2. Apkpler
    3. generic framework
    4. static analysis

    Qualifiers

    • Research-article

    Conference

    SAC 2016: Symposium on Applied Computing
    April 4 - 8, 2016
    Pisa, Italy

    Acceptance Rates

    SAC '16 Paper Acceptance Rate 252 of 1,047 submissions, 24%;
    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

    Cited By

    • (2021) Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption. Journal of Internet Services and Applications, 12:1. DOI: 10.1186/s13174-021-00134-x. Online publication date: 23-Jul-2021
    • (2020) Identification of data propagation paths for efficient dynamic information flow tracking. Proceedings of the 35th Annual ACM Symposium on Applied Computing (92-99). DOI: 10.1145/3341105.3373876. Online publication date: 30-Mar-2020
    • (2017) Mining AndroZoo: A Retrospect. 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME) (675-680). DOI: 10.1109/ICSME.2017.49. Online publication date: Sep-2017
    • (2016) DroidRA: taming reflection to support whole-program analysis of Android apps. Proceedings of the 25th International Symposium on Software Testing and Analysis (318-329). DOI: 10.1145/2931037.2931044. Online publication date: 18-Jul-2016
    • (2016) Boosting static analysis of Android apps through code instrumentation. Proceedings of the 38th International Conference on Software Engineering Companion (819-822). DOI: 10.1145/2889160.2889258. Online publication date: 14-May-2016
