ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2015, Vol. 52 ›› Issue (10): 2167-2177.doi: 10.7544/issn1000-1239.2015.20150572

Special Issue: 2015网络安全与隐私保护研究进展

Previous Articles     Next Articles

Survey of Android Vulnerability Detection

Zhang Yuqing1, Fang Zhejun1,3, Wang Kai1, Wang Zhiqiang2,4, Yue Hongzhou2, Liu Qixu1, He Yuan1, Li Xiaoqi1, Yang Gang1   

  1. 1(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408);2(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071);3(National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029) ;4(Beijing Electronic Science and Technology Institute, Beijing 100070)
  • Online:2015-10-01

Abstract: Vulnerability plays a critical role in Android security. Therefore it is very meaningful to do research on vulnerability detection techniques, which can enhance Android security and protect user’s privacy. In this paper, we firstly summary the number trends and categories of Android vulnerabilities from 2008 to 2015. Then we analyze the research progress of Android security from 2012 to 2014 and propose an overview of Android vulnerability detection techniques. After that, we detail the techniques frequently using in current researches, such as taint analysis, reachable path discovery, symbolic execution and fuzzing test. In addition, we also focus on the techniques combining static analysis and dynamic test such as concolic testing and directed fuzzing. At last, we conclude the status quo and open source tools in Android vulnerability detection, and propose valuable issues which are worth further studying.

Key words: Android security, survey, vulnerability detection, static analysis, dynamic analysis

CLC Number: