TY - GEN
T1 - IccTA
T2 - 37th IEEE/ACM International Conference on Software Engineering, ICSE 2015
AU - Li, Li
AU - Bartel, Alexandre
AU - Bissyandé, Tegawendé F.
AU - Klein, Jacques
AU - Traon, Yves Le
AU - Arzt, Steven
AU - Rasthofer, Siegfried
AU - Bodden, Eric
AU - Octeau, Damien
AU - McDaniel, Patrick
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/8/12
Y1 - 2015/8/12
N2 - Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting intercomponent detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.
AB - Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting intercomponent detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.
UR - http://www.scopus.com/inward/record.url?scp=84943159826&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84943159826&partnerID=8YFLogxK
U2 - 10.1109/ICSE.2015.48
DO - 10.1109/ICSE.2015.48
M3 - Conference contribution
AN - SCOPUS:84943159826
T3 - Proceedings - International Conference on Software Engineering
SP - 280
EP - 291
BT - Proceedings - 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, ICSE 2015
PB - IEEE Computer Society
Y2 - 16 May 2015 through 24 May 2015
ER -