Whole-system analysis for understanding publicly accessible functions in Android
Android has become the most popular mobile operating system. Millions of applications, including many malwares, haven been developed for it. Android itself evolves constantly with changing features and higher complexities. It is challenging for application developers to keep up with the changes and...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3642 https://ink.library.smu.edu.sg/context/sis_research/article/4644/viewcontent/OS02___Nguyen_Huu_Hoang___Whole_System_Analysis_for_Understanding_Publicly_Accessible_Functions_in_Android___Final.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | Android has become the most popular mobile operating system. Millions of applications, including many malwares, haven been developed for it. Android itself evolves constantly with changing features and higher complexities. It is challenging for application developers to keep up with the changes and maintain the compatibility of their apps across Android versions. Therefore, there are many challenges for application analysis tools to accurately model and analyze app behaviors across Android versions. Even though the overall system architecture of Android and many APIs are documented, many other APIs and implementation details are not, not to mention potential bugs and vulnerabilities. Techniques and tool supports are thus needed to automatically extract information from different versions of Android to help programmers understand system behaviors and APIs across different versions. This paper aims to address the need. It performs whole-system analysis for different versions of Android by using both backward and forward static analysis of intra-procedural and inter-procedural control-flow and data-flow graphs. It can collect information about functions in Android that can be invoked by applications, which are referred to as publicly accessible functions in this paper. Such information can help programmers better understand the ways in which their applications utilize system functions. We have analyzed Android versions 4.1.1, 4.2.2, 4.3, 4.4.4, 5.1.0, 6.0.1, and show basic statistics about the publicly accessible functions in different Android versions. We also use an example to illustrate that the information about publicly accessible functions can be useful in identifying unprotected system functions whose invocations may not be protected by proper permissions and may lead to security and privacy violations. |
|---|