Android repository mining for detecting publicly accessible functions missing permission checks

Android has become the most popular mobile operating system. Millions of applications, including much malware, have been developed for it. Even though its overall system architecture and many APIs are documented, many other methods and implementation details are not, not to mention potential bugs a...

Bibliographic Details
Main Authors: NGUYEN, Huu Hoang, JIANG, Lingxiao, QUAN, Thanh Tho
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2017
Online Access: https://ink.library.smu.edu.sg/sis_research/3683
https://ink.library.smu.edu.sg/context/sis_research/article/4685/viewcontent/android_analysis_draft.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-4685
record_format dspace
spelling sg-smu-ink.sis_research-4685 2017-10-30T06:02:21Z 2017-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3683 info:doi/10.1109/ICPC.2017.14 https://ink.library.smu.edu.sg/context/sis_research/article/4685/viewcontent/android_analysis_draft.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic android
program comprehension
program analysis
information retrieval
call graph
dependency
Software Engineering
description Android has become the most popular mobile operating system. Millions of applications, including much malware, have been developed for it. Even though its overall system architecture and many APIs are documented, many other methods and implementation details are not, not to mention potential bugs and vulnerabilities that may be exploited. Manual documentation may also be easily outdated as Android evolves constantly with changing features and higher complexities. Techniques and tool support are thus needed to automatically extract information from different versions of Android to facilitate whole-system analysis of undocumented code. This paper presents an approach for alleviating the challenges associated with whole-system analysis. It performs usual program analysis for different versions of Android by control-flow and data-flow analyses. More importantly, it integrates information retrieval and query heuristics to customize the graphs for purposes related to the queries and make whole-system analyses more efficient. In particular, we use the approach to curate functions in Android that can be invoked by applications in either a benign or a malicious way, which are referred to as publicly accessible functions in this paper, and with the queries we provided, identify functions that may access sensitive system and/or user data and should be protected by certain permission checks. Based on such information, we can detect some publicly accessible functions in the system that may miss sufficient permission checks. As a proof of concept, this paper has analyzed six Android versions and shows basic statistics about the publicly accessible functions in the Android versions, and detects and verifies several system functions that miss permission checks and may have security implications.
format text
author NGUYEN, Huu Hoang
JIANG, Lingxiao
QUAN, Thanh Tho
title Android repository mining for detecting publicly accessible functions missing permission checks
publisher Institutional Knowledge at Singapore Management University
publishDate 2017
_version_ 1770573669900222464