Abstract:
Many security vulnerabilities are caused by the unsafe use of library programming interfaces. To protect applications from security attacks, library designers provide security tips to help developers use security-sensitive APIs correctly. However, developers often fail to follow security tips, which can introduce vulnerabilities to their programs. To evaluate the scale and impact of this problem, we conduct the first systematic, large-scale study on security tips and their violations in Android apps. Our study shows that existing security tips are less effective, due to their imprecise descriptions, misleading sample code, incorrect default settings, fragmentation (scattered across different sources), and lack of compliance check. As a result, the significant portion of Android apps we analyze are found to be vulnerable. To help the security guidance better followed by app developers, we propose TipTracer, a framework for verifying Android security tips automatically and efficiently. TipTracer contains a security property language that formally describes constraints expressed in security tips and a static code analyzer that checks whether applications satisfy security tips. We demonstrate the effectiveness, efficiency and usability of TipTracer using a large set of real-world apps.