Detecting Privacy Leaks in Android Apps using Inter-Component Information Flow Control Analysis

Nowadays, smartphones are ubiquitous sources of private and confidential information. Among smartphones operating systems, Android has become the most popular one in recent years. Android applications have access to different information which stored on the device so, may lead to information leaks accidentally or maliciously. Leakages stem from explicit or implicit information flows between information sources and sinks. Finding explicit flows is fairly simple whereas, implicit flows utilize more complicated structures and are more difficult to discover, as a result. Most existing tools ignore implicit flows or only consider special structures that are similar to explicit form in nature such as if and switch structures. In this paper we propose IIFDroid, inter-component information flow control static analysis tool which aims to detect information leaks generated by explicit and various forms of implicit flows within an Android application. Furthermore, we present test cases in order to examine the effectiveness of IIFDroid against implicit flows caused by more sophisticated structures like throw, polymorphism and exception-prone instructions. The experimental results on DroidBench and the developed test cases show that IIFDroid outperforms existing tools IccTA and JoDroid with 94.8% precision and 96.4% recall.