Survey of Android Vulnerability Detection

doi:10.7544/issn1000-1239.2015.20150572

Journal of Computer Research and Development ›› 2015, Vol. 52 ›› Issue (10): 2167-2177.doi: 10.7544/issn1000-1239.2015.20150572

Special Issue: 2015网络安全与隐私保护研究进展

Previous Articles Next Articles

Survey of Android Vulnerability Detection

Zhang Yuqing¹, Fang Zhejun^1,3, Wang Kai¹, Wang Zhiqiang^2,4, Yue Hongzhou², Liu Qixu¹, He Yuan¹, Li Xiaoqi¹, Yang Gang¹

¹(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408);²(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071);³(National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029) ;⁴(Beijing Electronic Science and Technology Institute, Beijing 100070)

Online:2015-10-01

Abstract

Abstract: Vulnerability plays a critical role in Android security. Therefore it is very meaningful to do research on vulnerability detection techniques, which can enhance Android security and protect user’s privacy. In this paper, we firstly summary the number trends and categories of Android vulnerabilities from 2008 to 2015. Then we analyze the research progress of Android security from 2012 to 2014 and propose an overview of Android vulnerability detection techniques. After that, we detail the techniques frequently using in current researches, such as taint analysis, reachable path discovery, symbolic execution and fuzzing test. In addition, we also focus on the techniques combining static analysis and dynamic test such as concolic testing and directed fuzzing. At last, we conclude the status quo and open source tools in Android vulnerability detection, and propose valuable issues which are worth further studying.

Key words: Android security, survey, vulnerability detection, static analysis, dynamic analysis

CLC Number:

TP309.1

Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177.

	Articles by Authors
	Zhang Yuqing
	Fang Zhejun
	Wang Kai
	Wang Zhiqiang
	Yue Hongzhou
	Liu Qixu
	He Yuan
	Li Xiaoqi
	Yang Gang

[1]	Yu Chang, Wang Yawen, Lin Huan, Gong Yunzhan. Fault Detection Context Based Equivalent Mutant Identification Algorithm [J]. Journal of Computer Research and Development, 2021, 58(1): 83-97.
[2]	Xu Lixin, Wu Huayao. Collective Intelligence Based Software Engineering [J]. Journal of Computer Research and Development, 2020, 57(3): 487-512.
[3]	Qiu Yu, Wang Chi, Qi Kaiyue, Shen Yao, Li Chao, Zhang Chengmi, Guo Minyi. A Survey of Smart Health: System Design from the Cloud to the Edge [J]. Journal of Computer Research and Development, 2020, 57(1): 53-73.
[4]	Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang， Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components [J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262.
[5]	Wang Xiong, Dong Yihong, Shi Weijie， Pan Jianfei. Progress and Challenges of Graph Summarization Techniques [J]. Journal of Computer Research and Development, 2019, 56(6): 1338-1355.
[6]	Zou Wei, Gao Feng, Yan Yunqiang. Dynamic Binary Instrumentation Based on QEMU [J]. Journal of Computer Research and Development, 2019, 56(4): 730-741.
[7]	Zhang Lei, Yang Zhemin, Li Mingqi, Yang Min. TipTracer: Detecting Android Application Vulnerabilities Based on the Compliance with Security Guidance [J]. Journal of Computer Research and Development, 2019, 56(11): 2315-2329.
[8]	Wang Jice, Li Yilian, Jia Yan, Zhou Wei, Wang Yucheng, Wang He, Zhang Yuqing. Survey of Smart Home Security [J]. Journal of Computer Research and Development, 2018, 55(10): 2111-2124.
[9]	Wei Shanshan, Xie Wei, He Zhiqiang. Digital Video Stabilization Techniques: A Survey [J]. Journal of Computer Research and Development, 2017, 54(9): 2044-2058.
[10]	Liu Dan, Chen Guisheng, Song Chuanming, He Xing, Wang Xianghai. Research Advances in Screen Content Coding Methods [J]. Journal of Computer Research and Development, 2017, 54(9): 2059-2076.
[11]	Yu Zhen, Su Xiaohong, Qiu Jing. Dynamically Detecting Multiple Types of Deadlocks Using Lock Allocation Graphs [J]. Journal of Computer Research and Development, 2017, 54(7): 1557-1568.
[12]	Zhang Yuqing, Zhou Wei, Peng Anni. Survey of Internet of Things Security [J]. Journal of Computer Research and Development, 2017, 54(10): 2130-2143.
[13]	Li Ke, Fang Binxing, Cui Xiang, Liu Qixu. Study of Botnets Trends [J]. Journal of Computer Research and Development, 2016, 53(10): 2189-2206.
[14]	He Yuan, Zheng Xiaolong. Research on Wireless Network Co-Existence at 2.4 GHz [J]. Journal of Computer Research and Development, 2016, 53(1): 26-37.
[15]	Shan Yanhu, Zhang Zhang, Huang Kaiqi. Visual Human Action Recognition: History, Status and Prospects [J]. Journal of Computer Research and Development, 2016, 53(1): 93-112.

Survey of Android Vulnerability Detection

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments