Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling and Callbacks

Yongfeng Li, Jinbin Ouyang, Bing Mao, Kai Ma, Shanqing Guo
Journal: EAI Endorsed Trans. Security Safety (Journal Article)
Publication date: 2017-12-07
DOI: https://doi.org/10.4108/eai.7-12-2017.153394
Citations: 4

Abstract

Smartphones carry a large quantity of sensitive information to satisfy people’s various requirements, but how that information is used matters for keeping users’ privacy secure. Apps misuse sensitive information in two ways. On the one hand, careless programmers may leak the data by accident. On the other hand, attackers develop malware to collect sensitive data intentionally. Many researchers apply data flow analysis to detect data leakage in an app. However, data flow analysis on the Android platform is quite different from that of desktop programs. Researchers have solved some problems of data flow analysis on the Android platform, such as the Activity lifecycle, callback methods, and inter-component communication. We find that Fragment’s lifecycle also has an effect on the data flow analysis of Android apps. Some data will be leaked if we don’t take Fragment’s lifecycle into consideration when performing data flow analysis on Android apps. In this paper, we therefore propose an approach to model Fragment’s lifecycle and its relationship with Activity’s lifecycle, and then introduce a tool called FragDroid, based on FlowDroid [7]. We conduct experiments to evaluate the effectiveness of our tool, and the results show that 8% of the apps in our data set use Fragment. In particular, for popular apps, the result is 50.8%. We also evaluate the performance of using FragDroid to analyze Android apps; the result shows that the average overhead is 17%.