Whole-system analysis for understanding publicly accessible functions in Android

Author

Huu Hoang NGUYEN, Singapore Management UniversityFollow
Lingxiao JIANG, Singapore Management UniversityFollow
Thanh Tho QUAN

Publication Type

Conference Proceeding Article

Version

submittedVersion

Publication Date

3-2017

Abstract

Android has become the most popular mobile operating system. Millions of applications, including many malwares, haven been developed for it. Android itself evolves constantly with changing features and higher complexities. It is challenging for application developers to keep up with the changes and maintain the compatibility of their apps across Android versions. Therefore, there are many challenges for application analysis tools to accurately model and analyze app behaviors across Android versions. Even though the overall system architecture of Android and many APIs are documented, many other APIs and implementation details are not, not to mention potential bugs and vulnerabilities. Techniques and tool supports are thus needed to automatically extract information from different versions of Android to help programmers understand system behaviors and APIs across different versions. This paper aims to address the need. It performs whole-system analysis for different versions of Android by using both backward and forward static analysis of intra-procedural and inter-procedural control-flow and data-flow graphs. It can collect information about functions in Android that can be invoked by applications, which are referred to as publicly accessible functions in this paper. Such information can help programmers better understand the ways in which their applications utilize system functions. We have analyzed Android versions 4.1.1, 4.2.2, 4.3, 4.4.4, 5.1.0, 6.0.1, and show basic statistics about the publicly accessible functions in different Android versions. We also use an example to illustrate that the information about publicly accessible functions can be useful in identifying unprotected system functions whose invocations may not be protected by proper permissions and may lead to security and privacy violations.

Keywords

android, call graph, control flow analysis, data flow analysis, program comprehension, permission check

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

South East Asian Technical University Consortium (SEATUC) 11th Symposium Proceedings: Ho Chi Minh City, Vietnam, March 13-14, 2017

Publisher

SEATU

City or Country

Ho Chi Minh City, Vietnam

Citation

NGUYEN, Huu Hoang; JIANG, Lingxiao; and QUAN, Thanh Tho. Whole-system analysis for understanding publicly accessible functions in Android. (2017). South East Asian Technical University Consortium (SEATUC) 11th Symposium Proceedings: Ho Chi Minh City, Vietnam, March 13-14, 2017.
Available at: https://ink.library.smu.edu.sg/sis_research/3642

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.