Critical review of static taint analysis of android applications for detecting information leakages

Haris Mumtaz, El Sayed M. El-Alfy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

This paper presents a rigorous review of static taint analysis for inadvertent information leakage in Android applications. Static taint analysis is widely implemented to monitor and control privacy leaks. The surveyed studies are analyzed and evaluated based on techniques adopted, tools implemented, applications involved in experiments, leaks identified through experiments, and applications identified as infected. Most of the surveyed studies applied Call Graph (CG) or Control Flow Graph (CFG) to perform static taint analysis. We also conducted a number of experiments to further analyze the execution and effectiveness of FlowDroid on Android applications having both intra-component communications and inter-component communications. Although FlowDroid was developed to target only intra-component leaks, this does not limit its application to inter-component communications. However, its precision is reduced.

Original language: English
Title of host publication: ICIT 2017 - 8th International Conference on Information Technology, Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 446-454
Number of pages: 9
ISBN (Electronic): 9781509063321
State: Published - 20 Oct 2017

Publication series

Name: ICIT 2017 - 8th International Conference on Information Technology, Proceedings

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

Keywords

  • Android applications
  • information leakage detection
  • information security
  • mobile security
  • static taint analysis

ASJC Scopus subject areas

  • Information Systems
  • Health Informatics
  • Information Systems and Management
  • Computer Networks and Communications
  • Computer Science Applications
