Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism

Yue Hongzhou; Zhang Yuqing; Wang Wenjie; Liu Qixu

doi:10.7544/issn1000-1239.2017.20150928

Journal of Computer Research and Development > 2017 > 54(2): 313-327. > DOI: 10.7544/issn1000-1239.2017.20150928

Yue Hongzhou, Zhang Yuqing, Wang Wenjie, Liu Qixu. Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism[J]. Journal of Computer Research and Development, 2017, 54(2): 313-327. DOI: 10.7544/issn1000-1239.2017.20150928

Citation:

PDF (3602 KB)

Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism

¹(State Key Laboratory of Integrated Services Networks (Xidian University), Xi'an 710071)
²(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408)
³(State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)

More Information

Published Date: January 31, 2017

Graphical Abstract

Abstract

Abstract

Privacy leakage is one of the most important issues in the current Android security. The present most important method to detect privacy leakage is taint analysis. Because of its high code coverage and low false negative, the technique of static taint analysis is widely used in the detection of Android privacy leakage. However, the existing static taint analysis tools cannot do effective taint analysis for Android dynamic loading and reflection mechanism. Taking into account the present situation that Android dynamic loading and reflection mechanism are being used more and more widely, we focus on how to enable static taint analysis tools to effectively deal with Android dynamic loading and reflection mechanism. We modify the Android source code to enable the Android system to timely store the loaded dex files and reflection invocation information during the running process of an Android app. This information will be used to guide the static taint analysis process of the app and a policy that replacing the reflective method invocation with non-reflective method invocation is proposed. Based on these ideas, a taint analysis tool—DyLoadDroid is proposed, which has made some improvements of the state-of-the-art static taint analysis tool—FlowDroid and can do effective taint analysis for Android dynamic loading and reflection mechanism. Sufficient experimental results show that DyLoadDroid is very effective in tackling the problem of static taint analysis of Android dynamic loading and reflection mechanism.
- Android privacy leakage,
- taint analysis,
- dynamic loading,
- reflection

FullText(HTML)

References (0)

[1]	Li Xiangyang, Wang Shanyue, Zhang Chi, Yan Yubo, Tan Haisheng. Enhanced Capacity for Multi-Tag Concurrent Backscatter Communication Systems under Spectrum Constraints[J]. Journal of Computer Research and Development, 2024, 61(11): 2776-2792. DOI: 10.7544/issn1000-1239.202440401
[2]	Guo Fangfang, Wang Xinyue, Wang Huiqiang, Lü Hongwu, Hu Yibing, Wu Fang, Feng Guangsheng, Zhao Qian. A Dynamic Stain Analysis Method on Maximal Frequent Sub Graph Mining[J]. Journal of Computer Research and Development, 2020, 57(3): 631-638. DOI: 10.7544/issn1000-1239.2020.20180846
[3]	Li Ying, Tang Yong, Zhang Haoran, Liu Ding, Zhou Shengteng, Wang Sai. Real Time Rendering of Large Scale Realistic Ocean Scenes Driven by Time and Space[J]. Journal of Computer Research and Development, 2019, 56(2): 375-384. DOI: 10.7544/issn1000-1239.2019.20170895
[4]	Lu Yemian, Ying Lingyun, Su Purui, Feng Dengguo, Jing Erxia, Gu Yacong. Security Analysis and Evaluation for the Usage of Settings Mechanism in Android[J]. Journal of Computer Research and Development, 2016, 53(10): 2248-2261. DOI: 10.7544/issn1000-1239.2016.20160449
[5]	Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572
[6]	Duan Huixian and Li Guangyao. A Fitting Method of Central Catadioptric Line Images[J]. Journal of Computer Research and Development, 2013, 50(4): 823-833.
[7]	Duan Huixian. A Fitting Method of Paracatadioptric Line Images Based on Antipodal Image Points[J]. Journal of Computer Research and Development, 2013, 50(2): 361-370.
[8]	Li Lei, Niu Chunlei, Chen Ningjiang, Wei Jun. A High-Performance Strategy for Optimizing Web Services[J]. Journal of Computer Research and Development, 2007, 44(7): 1191-1198.
[9]	Zhao Feng, Lu Xicheng, Zhu Peidong, and Liu Yaping. Designing IBGP Networks Based on Traffic Sensitivity: Models and Analysis[J]. Journal of Computer Research and Development, 2007, 44(3).
[10]	Du Zhao, Wang Xiaoge, Chen Yu. An Overview of Reflective Middleware[J]. Journal of Computer Research and Development, 2005, 42(12): 2041-2047.