{"title":"Efficient, Evolutionary Security Analysis of Interacting Android Apps","authors":"H. Bagheri, Jianghao Wang, Jarod Aerts, S. Malek","doi":"10.1109/ICSME.2018.00044","DOIUrl":null,"url":null,"abstract":"In parallel with the increasing popularity of mobile software, an alarming escalation in the number and sophistication of security threats is observed on mobile platforms, remarkably Android as the dominant platform. Such mobile software, further, evolves incrementally, and especially so when being maintained after it has been deployed. Yet, most security analysis techniques lack the ability to efficiently respond to incremental system changes. Instead, every time the system changes, the entire security analysis has to be repeated from scratch, making it too expensive for practical use, given the frequency with which apps are updated, installed, and removed in such volatile environments as the Android ecosystem. To address this limitation, we present a novel technique, dubbed FLAIR, for efficient, yet formally precise, security analysis of Android apps in response to incremental system changes. Leveraging the fact that the changes are likely to impact only a small fraction of the prior analysis results, FLAIR recomputes the analysis only where required, thereby greatly improving analysis performance without sacrificing the soundness and completeness thereof. 
Our experimental results using numerous bundles of real-world apps corroborate that FLAIR can provide an order of magnitude speedup over prior techniques.","PeriodicalId":6572,"journal":{"name":"2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)","volume":"2 1","pages":"357-368"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSME.2018.00044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 10
Abstract
In parallel with the increasing popularity of mobile software, an alarming escalation in the number and sophistication of security threats is observed on mobile platforms, remarkably Android as the dominant platform. Such mobile software, further, evolves incrementally, and especially so when being maintained after it has been deployed. Yet, most security analysis techniques lack the ability to efficiently respond to incremental system changes. Instead, every time the system changes, the entire security analysis has to be repeated from scratch, making it too expensive for practical use, given the frequency with which apps are updated, installed, and removed in such volatile environments as the Android ecosystem. To address this limitation, we present a novel technique, dubbed FLAIR, for efficient, yet formally precise, security analysis of Android apps in response to incremental system changes. Leveraging the fact that the changes are likely to impact only a small fraction of the prior analysis results, FLAIR recomputes the analysis only where required, thereby greatly improving analysis performance without sacrificing the soundness and completeness thereof. Our experimental results using numerous bundles of real-world apps corroborate that FLAIR can provide an order of magnitude speedup over prior techniques.