Survey of Android Vulnerability Detection

Zhang Yuqing; Fang Zhejun; Wang Kai; Wang Zhiqiang; Yue Hongzhou; Liu Qixu; He Yuan; Li Xiaoqi; Yang Gang

doi:10.7544/issn1000-1239.2015.20150572

Journal of Computer Research and Development > 2015 > 52(10): 2167-2177. > DOI: 10.7544/issn1000-1239.2015.20150572 CSTR: 32373.14.issn1000-1239.2015.20150572

Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572

Citation:

PDF (1657 KB)

Survey of Android Vulnerability Detection

¹(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408)
²(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071)
³(National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029)
⁴(Beijing Electronic Science and Technology Institute, Beijing 100070)

More Information

Published Date: September 30, 2015

Graphical Abstract

Abstract

Abstract

Vulnerability plays a critical role in Android security. Therefore it is very meaningful to do research on vulnerability detection techniques, which can enhance Android security and protect user’s privacy. In this paper, we firstly summary the number trends and categories of Android vulnerabilities from 2008 to 2015. Then we analyze the research progress of Android security from 2012 to 2014 and propose an overview of Android vulnerability detection techniques. After that, we detail the techniques frequently using in current researches, such as taint analysis, reachable path discovery, symbolic execution and fuzzing test. In addition, we also focus on the techniques combining static analysis and dynamic test such as concolic testing and directed fuzzing. At last, we conclude the status quo and open source tools in Android vulnerability detection, and propose valuable issues which are worth further studying.
- Android security,
- survey,
- vulnerability detection,
- static analysis,
- dynamic analysis

FullText(HTML)

References (0)

[1]	Yin Xiaokang, Lu Bin, Cai Ruijie, Zhu Xiaoya, Yang Qichao, Liu Shengli. Memory Copy Function Identification Technique with Control Flow and Data Flow Analysis[J]. Journal of Computer Research and Development, 2023, 60(2): 326-340. DOI: 10.7544/issn1000-1239.202110990
[2]	Tan Tian, Ma Xiaoxing, Xu Chang, Ma Chunyan, Li Yue. Survey on Java Pointer Analysis[J]. Journal of Computer Research and Development, 2023, 60(2): 274-293. DOI: 10.7544/issn1000-1239.202220901
[3]	Zhu Yi’an, Shi Xianchen, Yao Ye, Li Lian, Ren Pengyuan, Dong Weizhen, Li Jiayu. A WCET Analysis Method for Multi-Core Processors with Multi-Tier Coherence Protocol[J]. Journal of Computer Research and Development, 2023, 60(1): 30-42. DOI: 10.7544/issn1000-1239.202111244
[4]	Zou Wei, Gao Feng, Yan Yunqiang. Dynamic Binary Instrumentation Based on QEMU[J]. Journal of Computer Research and Development, 2019, 56(4): 730-741. DOI: 10.7544/issn1000-1239.2019.20180166
[5]	Yu Zhen, Su Xiaohong, Qiu Jing. Dynamically Detecting Multiple Types of Deadlocks Using Lock Allocation Graphs[J]. Journal of Computer Research and Development, 2017, 54(7): 1557-1568. DOI: 10.7544/issn1000-1239.2017.20160369
[6]	Wang Yawen, Yao Xinhong, Gong Yunzhan, Yang Zhaohong. A Method of Buffer Overflow Detection Based on Static Code Analysis[J]. Journal of Computer Research and Development, 2012, 49(4): 839-845.
[7]	Wang Lei, Chen Gui, and Jin Maozhong. Detection of Code Vulnerabilities via Constraint-Based Analysis and Model Checking[J]. Journal of Computer Research and Development, 2011, 48(9): 1659-1666.
[8]	Han Wei, He Yeping. Static Analysis of TOCTTOU Vulnerabilities in Unix-Style File System[J]. Journal of Computer Research and Development, 2011, 48(8): 1430-1437.
[9]	Ye Pengfei, Peng Xin, and Zhao Wenyun. Recovering the Use Case from Object-Oriented Programs by Static Analysis[J]. Journal of Computer Research and Development, 2010, 47(12).
[10]	Bian Xiaofeng, Zhou Xuehai. Study on Modeling MIPS Processors for Static WCET Analysis[J]. Journal of Computer Research and Development, 2006, 43(10): 1828-1834.