Some support is needed in order to shun the possibility that sensitive data handled by applications are sent to improper destinations. Although apps running on Android OS declare the accessed services, once the user accepts, the application receives complete permissions and may use sensitive data improperly. Some tools have emerged to check data access and flow, however such tools are either based on static analysis or dynamic tracking. The former brings no overhead at run-time, but is less precise; the latter can bring a costly overhead during execution, having to monitor any access to sensitive data and all destinations. Our approach is innovative in that it takes advantage of static analysis and then monitors at run-time only data paths that potentially give sensitive data out. The correspondent tool is tailored to Android environment, tool-chain, libraries, and typical requirements that applications have to satisfy.
Making Android Apps Data-Leak-Safe by Data Flow Analysis and Code Injection
2016
Abstract
Some support is needed in order to shun the possibility that sensitive data handled by applications are sent to improper destinations. Although apps running on Android OS declare the accessed services, once the user accepts, the application receives complete permissions and may use sensitive data improperly. Some tools have emerged to check data access and flow, however such tools are either based on static analysis or dynamic tracking. The former brings no overhead at run-time, but is less precise; the latter can bring a costly overhead during execution, having to monitor any access to sensitive data and all destinations. Our approach is innovative in that it takes advantage of static analysis and then monitors at run-time only data paths that potentially give sensitive data out. The correspondent tool is tailored to Android environment, tool-chain, libraries, and typical requirements that applications have to satisfy.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.