μDep: Mutation-based Dependency Generation for Precise Taint Analysis on Android Native Code

12/13/2021
by   Cong Sun, et al.
0

The existence of native code in Android apps plays an essential role in triggering inconspicuous propagation of secrets and circumventing malware detection. However, the state-of-the-art information-flow analysis tools for Android apps all have limited capabilities of analyzing native code. Due to the complexity of binary-level static analysis, most static analyzers choose to build conservative models for a selected portion of native code. Though the recent inter-language analysis improves the capability of tracking information flow in native code, it is still far from attaining similar effectiveness of the state-of-the-art information-flow analyzers that focus on non-native Java methods. To overcome the above constraints, we propose a new analysis framework, i.e., , to detect sensitive information flows of the Android apps containing native code. In this framework, we combine a control-flow-based static binary analysis with a mutation-based dynamic analysis to model the tainting behaviors of native code in the apps. Based on the result of the analyses, conducts a stub generation for the related native functions to facilitate the state-of-the-art analyzer, i.e., DroidSafe, with fine-grained tainting behavior summaries of native code. The experimental results show that our framework is competitive on the accuracy and effective in analyzing the information flows in real-world apps and malware compared with the state-of-the-art inter-language static analysis.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset