Precise Command Injection Analysis in Android Applications

Abstract

Android mobile applications are vulnerable to code injection attacks. We use taint analysis to approximate the parameters of a sensitive instruction that may originate from user input. We combine it with a string analysis based on automatons to over-approximate the values of the string variables in the program. Using information derived from these two analyses, we detect when untrusted input may be used to inject malicious code into the program, and when the attack patterns were removed using a sanitizer operation. The proposed approach was implemented on top of FlowDroid. Experimental results show that the resulting analyzer, , is very efficient at detecting command injection vulnerabilities.