Improving Leakage Path Coverage in Android Apps

Abstract

With the phenomenal increase in Android apps usage and storing of personal information on mobile devices, securing this sensitive information has assumed significance. The Android application developers knowingly or unknowingly create apps that may directly or indirectly leak this information to outside world. The majority of state-of-the-art approachesdetect leaks through inter-component communication (ICC) within an app. Android allows inter-component communication (ICC) within the components of the same application or across multiple applications. ICC mechanism is used for the exchange of information among apps. Via ICC, an app or a set of apps can send the sensitive information out of the application or device.In this paper, we propose an approach for intra-app as well as inter-app data transfer analysis through intents and/or sharedpreferences that improve the coverage of leakage paths detectedas compared to existing approaches. Our proposed approach iscapable of analyzing more than two applications at a time. Wehave evaluated proposed approach on the DroidBench datasetand 116 real-time apps randomly selected and downloadedfrom Google PlayStore. We detected 1298 inter-component pathswithin an app and 215 inter-app sensitive paths. Our approachreported ~17.71% of more inter-component paths using sharedpreferences for data transfer.