A real-time and efficient application audit method for Android: AppAudit

Source: Internet
Author: User

Effective Real-time Android Application Auditing, IEEE Symposium on Security and Privacy, May 2015 [1] http://www.ieee-security.org/tc/sp2015/papers/6949a899.pdf
1.1. Background and contributions

Mobile apps are now more complex, with many third-party libraries and tens of thousands of features, and they have access to sensitive personal data and the network, which has led to a growing number of personal privacy data breaches. Current application audit methods rely mainly on static analysis. Because its analysis structure does not scale, static analysis can run into scalability problems on large code bases, so it is often time-consuming, especially for large applications. Static analysis can also produce false positives, because some of the code paths it analyzes can never occur in actual execution. These drawbacks limit the usability of application auditing methods. As a result, existing Android apps still have problems with the disclosure of users' private data.

Researchers at McGill University in Canada and Shanghai Jiaotong University have proposed an application audit method, AppAudit, that combines static analysis and dynamic analysis. The static analysis uses a coarse judgment to keep the analysis fast, and for the dynamic analysis the paper presents a method based on approximated execution (approximate execution). When only part of the code is executed, effective guessing of unknown variables keeps the analyzed paths as complete as possible. AppAudit found 30 data disclosure vulnerabilities in real-world applications, a large part of which were due to third-party ad modules transmitting user data over unencrypted HTTP connections, which illustrates the significance of AppAudit to app stores, app developers, and end users.


1.2. Architecture

To address false positives and analysis efficiency, AppAudit combines static analysis and dynamic analysis. Figure 1 shows the AppAudit architecture and workflow. Static API usage analysis is designed to filter out suspicious functions and narrow down the scope of the analysis. AppAudit then uses dynamic analysis to execute each suspicious function's bytecode and confirm true data disclosure. Approximated execution is the dynamic analysis that executes the bytecode instructions of suspicious functions and reports privacy data that may be leaked during execution. Multiple suspicious functions can be checked in parallel, which greatly improves performance.


Figure 1: AppAudit architecture and workflow
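
A toy version of the two-stage workflow described above, as an added example that is not code from the paper or from AppAudit. The instruction set, the API names and the sample app are constructed, and an unknown branch condition is handled here by exploring both outcomes, which is an assumption about how unknown variables are guessed.

```python
# Toy model: constructed instruction set and API names, not AppAudit's code.
SOURCES, SINKS = {"getDeviceId", "getLastKnownLocation"}, {"http_post"}
UNKNOWN = object()              # a value the partial execution cannot know
CLEAN = (UNKNOWN, frozenset())  # default for unset registers: unknown, untainted

def suspicious(app):
    """Static stage: keep functions that call both a source and a sink API."""
    called = {n: {i[2] for i in c if i[0] == "call"} for n, c in app.items()}
    return [n for n, apis in called.items() if apis & SOURCES and apis & SINKS]

def approx_execute(code, max_steps=1000):
    """Dynamic stage: run the bytecode, forking where a branch condition is UNKNOWN."""
    leaks, work, steps = set(), [(0, {})], 0
    while work:
        pc, regs = work.pop()
        while pc < len(code) and steps < max_steps:
            steps += 1
            op, *a = code[pc]
            pc += 1
            if op == "const":                    # ("const", dst, value)
                regs[a[0]] = (a[1], frozenset())
            elif op == "call":                   # ("call", dst, api, [arg regs])
                dst, api, args = a
                taint = frozenset().union(*(regs.get(r, CLEAN)[1] for r in args))
                if api in SOURCES:
                    taint |= {api}               # result carries the source's label
                if api in SINKS:
                    leaks |= {(src, api) for src in taint}
                regs[dst] = (UNKNOWN, taint)
            elif op == "if":                     # ("if", reg, target): jump if truthy
                val = regs.get(a[0], CLEAN)[0]
                if val is UNKNOWN:
                    work.append((a[1], dict(regs)))  # also explore the taken branch
                elif val:
                    pc = a[1]
            elif op == "return":
                break
    return leaks

def audit(app):
    return {name: approx_execute(app[name]) for name in suspicious(app)}

APP = {  # constructed sample; p0 is never set, so its value is UNKNOWN
    "ad_sdk_report": [("call", "v0", "getDeviceId", []), ("if", "p0", 3),
                      ("call", "v1", "http_post", ["v0"]), ("return",)],
    "settings_sync": [("call", "v0", "getLastKnownLocation", []), ("const", "v1", 0),
                      ("if", "v1", 4), ("return",), ("call", "v2", "http_post", ["v0"])],
    "render_ui": [("const", "v0", 1), ("return",)],
}
```

Calling `audit(APP)` confirms the leak in `ad_sdk_report` and clears `settings_sync`, whose sink call sits on a path that never executes, which is the kind of static false positive the dynamic stage removes.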


1.3. Experiments

Experimental results on the following three public datasets (1400 in total) show that the AppAudit method has a privacy leak detection rate of up to 99.3% and 0 false positives. The AppAudit method detects 8.3 times faster than existing work, and the memory footprint is reduced by 90%.



Figure 2: Comparison of detection accuracy



Figure 3: Detection accuracy



Figure 4: Average analysis time



Figure 5: Application audit usage and requirements


1.4. Expert Opinion

The AppAudit audit method is based on the combination of static analysis and dynamic analysis. The paper presents a dynamic analysis method based on approximated execution (approximate execution). This method is worthy of reference.

Compared with previous methods, the AppAudit audit method significantly increases the privacy leak detection rate and decreases false positives. Especially for some large applications, the detection speed is greatly improved and the memory consumption is reduced. Mobile devices carry a large amount of personal information; the proposed method can effectively reduce and control privacy leaks and plays a role in protecting user privacy. AppAudit is significant for app stores, app developers, and end users.

The results can be used in mobile app stores to improve the security of the mobile phone ecosystem.


1.5. References

[1] Effective Real-time Android Application Auditing, IEEE Symposium on Security and Privacy, May 2015.
