Conference Proceeding Article
Android has become the most popular mobile operating system. Millions of applications, including much malware, have been developed for it. Android itself evolves constantly, with changing features and growing complexity. It is challenging for application developers to keep up with the changes and maintain the compatibility of their apps across Android versions. Application analysis tools therefore also face many challenges in accurately modeling and analyzing app behaviors across Android versions. Even though the overall system architecture of Android and many APIs are documented, many other APIs and implementation details are not, not to mention potential bugs and vulnerabilities. Techniques and tool support are thus needed to automatically extract information from different versions of Android to help programmers understand system behaviors and APIs across different versions. This paper aims to address this need. It performs whole-system analysis for different versions of Android by using both backward and forward static analysis of intra-procedural and inter-procedural control-flow and data-flow graphs. It can collect information about functions in Android that can be invoked by applications, which are referred to as publicly accessible functions in this paper. Such information can help programmers better understand the ways in which their applications utilize system functions. We have analyzed Android versions 4.1.1, 4.2.2, 4.3, 4.4.4, 5.1.0, and 6.0.1, and show basic statistics about the publicly accessible functions in different Android versions. We also use an example to illustrate that the information about publicly accessible functions can be useful in identifying unprotected system functions whose invocations may not be protected by proper permissions and may lead to security and privacy violations.
android, call graph, control flow analysis, data flow analysis, program comprehension, permission check
Software and Cyber-Physical Systems
South East Asian Technical University Consortium (SEATUC) 11th Symposium Proceedings: Ho Chi Minh City, Vietnam, March 13-14, 2017
City or Country
Ho Chi Minh City, Vietnam
NGUYEN, Huu Hoang; JIANG, Lingxiao; and QUAN, Thanh Tho.
Whole-system analysis for understanding publicly accessible functions in Android. (2017). South East Asian Technical University Consortium (SEATUC) 11th Symposium Proceedings: Ho Chi Minh City, Vietnam, March 13-14, 2017. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3642
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.