2017 IEEE Symposium on Computers and Communications (ISCC)
Download PDF

Abstract

Inter-Component Communication (ICC) enables developers to create rich and innovative applications in Android platform. However, some privacy problems occur because of the interactions among multiple components. Since the flow of sensitive data across components may be legal or malicious, it is necessary to perform a precise ICC analysis to identify the malicious flow of sensitive data. In this paper, we propose a static taint analysis method, named IccChecker, to identify the malicious ICC-based privacy leaks in Android applications. IccChecker first tracks the potential flow of sensitive data across components and extracts the contextual factors which trigger the sensitive behavior. By leveraging the context information, our approach differentiates the malicious privacy leaks from the legal privacy information exchanges according to the proposed contextual policy. Moreover, we present a comprehensive assessment with benchmarks and real-world applications. Our evaluation results with benchmarks demonstrate that IccChecker improves the precision of ICC-based privacy leak detection. In the evaluation with real-world applications, our approach identifies 4 apps with ICC-based privacy leaks among 168 Google Play apps (2.3%) while 31 apps are identified from 49 malwares (63.3%).
Like what you’re reading?
Already a member?Sign In
Member Price
$11
Non-Member Price
$21
Add to CartSign In
Get this article FREE with a new membership!

Related Articles