Abstract
This paper presents a rigorous review of static taint analysis for inadvertently information leakage in Android applications. Static taint analysis is widely implemented to monitor and control privacy leaks. The surveyed studies are analyzed and evaluated based on techniques adopted, tools implemented, applications involved in experiments, leaks identified through experiments, and applications identified as infected. Most of the surveyed studies applied Call Graph (CG) or Control Flow Graph (CFG) to perform static taint analysis. We also conducted a number of experiments to further analyze the execution and effectiveness of FlowDroid on Android applications having both intra-component communications and inter-component communications. Although FlowDroid was developed to target only intra-component leaks, this does not limit its application on inter-component communications. However, its precision is reduced.
Original language | English |
---|---|
Title of host publication | ICIT 2017 - 8th International Conference on Information Technology, Proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 446-454 |
Number of pages | 9 |
ISBN (Electronic) | 9781509063321 |
DOIs | |
State | Published - 20 Oct 2017 |
Publication series
Name | ICIT 2017 - 8th International Conference on Information Technology, Proceedings |
---|
Bibliographical note
Publisher Copyright:© 2017 IEEE.
Keywords
- Android applications
- information leakage detection
- information security
- mobile security
- static taint analysis
ASJC Scopus subject areas
- Information Systems
- Health Informatics
- Information Systems and Management
- Computer Networks and Communications
- Computer Science Applications