Scribd
Upload
1K views3 pages

AppAnalyzer: Detecting Android Info Leaks

This document presents an approach called AppAnalyzer which uses static taint analysis to detect possible information leakage paths in Android apps. It analyzes chosen Android apps and produces a report on any leaked information. Future work could include more user friendly reports like charts and better malicious code detection.

Uploaded by

ishanrajdor
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views3 pages

AppAnalyzer: Detecting Android Info Leaks

This document presents an approach called AppAnalyzer which uses static taint analysis to detect possible information leakage paths in Android apps. It analyzes chosen Android apps and produces a report on any leaked information. Future work could include more user friendly reports like charts and better malicious code detection.

Uploaded by

ishanrajdor
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

CONCLUSION

This report presents our approach AppAnalyzer which detects information leakage in Android apps. AppAnalyzer uses static taint analysis to detect possible leakage paths, we apply a special Taint analysis method because Android apps follow an unique event-based application model AppAnalyzer can detect true information leakage from the chosen Android application and produce a report on the leakage of information. We have used APK Tool to analyze the potential leakage of information in the analysis

FUTURE WORK In future work, reporting of the leak information can be shown in more user friendly form (eg: pie charts, bar charts) and more effort can be put into pattern mining and other malicious code detection techniques to help us identify a greater number of security and privacy threats as well as other malicious activities within Android applications. Another open problem is the identification of obfuscated malicious activities which are not easy to detect with static analysis.

SCanDroid a tool for automated security certication of Android applications. SCANDROID statically analyzes data ows through Android applications, and can make security-relevant decisions automatically, based on such ows. In particular, it can decide whether it is safe for an application to run with certain permissions, based on the permissions enforced by other applications. Alternatively, it can provide enough context to the user to make informed security-relevant decisions. AndroidLeaks AndroidLeaks, a static analysis framework for finding potential leaks of private information in Android applications.

involving uniquely identifying phone information, location data, WiFi data, and audio recorded with the microphone. AndroidLeaks identies APKs and provides a set of leaks most likely to be of interest to a security researcher. SCANDAL

a static analyzer SCANDAL that detects privacy leaks in Android applications. SCANDAL determines if there exists any ow of data from an information source through a sink. SCANDAL is a sound analyzer. It covers all possible states which may occur when using the application.

You might also like