Android repository mining for detecting publicly accessible functions missing permission checks

Author

Huu Hoang NGUYEN, Singapore Management UniversityFollow
Lingxiao JIANG, Singapore Management UniversityFollow
Thanh Tho QUAN, Bach Khoa University

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

5-2017

Abstract

Android has become the most popular mobile operating system. Millions of applications, including many malware, haven been developed for it. Even though its overall system architecture and many APIs are documented, many other methods and implementation details are not, not to mention potential bugs and vulnerabilities that may be exploited. Manual documentation may also be easily outdated as Android evolves constantly with changing features and higher complexities. Techniques and tool supports are thus needed to automatically extract information from different versions of Android to facilitate whole-system analysis of undocumented code. This paper presents an approach for alleviating the challenges associated with whole-system analysis. It performs usual program analysis for different versions of Android by control-flow and data-flow analyses. More importantly, it integrates information retrieval and query heuristics to customize the graphs for purposes related to the queries and make whole-system analyses more efficient. In particular, we use the approach to curate functions in Android that can be invoked by applications in either benign or malicious way, which are referred to as publicly accessible functions in this paper, and with the queries we provided, identify functions that may access sensitive system and/or user data and should be protected by certain permission checks. Based on such information, we can detect some publicly accessible functions in the system that may miss sufficient permission checks. As a proof of concept, this paper has analyzed six Android versions and shows basic statistics about the publicly accessible functions in the Android versions, and detects and verifies several system functions that miss permission checks and may have security implications.

Keywords

android, program comprehension, program analysis, information retrieval, call graph, dependency

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

ICPC 2017: Proceedings of the 25th IEEE International Conference on Program Comprehension: Buenos Aires, Argentina, 22-23 May

First Page

324

Last Page

327

ISBN

9781538605356

Identifier

10.1109/ICPC.2017.14

Publisher

IEEE

City or Country

Piscataway, NJ

Citation

NGUYEN, Huu Hoang; JIANG, Lingxiao; and QUAN, Thanh Tho. Android repository mining for detecting publicly accessible functions missing permission checks. (2017). ICPC 2017: Proceedings of the 25th IEEE International Conference on Program Comprehension: Buenos Aires, Argentina, 22-23 May. 324-327.
Available at: https://ink.library.smu.edu.sg/sis_research/3683

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://doi.org./10.1109/ICPC.2017.14