eddLeak: Enhancing precision of detecting inter-app data leakage in Android applications

14:42 26/06/2018

In recent years, mobile malware has grown to be significant types of behaviors, including stealing personal information of users, hijacking and surveilling user devices. Every year, it caused financial loss for infected enterprises, also more and more concerned about seriously secure data problems. Hence, many solutions have been proposed in order to detect malware leading to sensitive data leakage by analyzing mobile applications. Static analysis is a widely used technique for analyzing software, particularly in the security context, such as malware detection. Unfortunately, the static analysis technique often produces false alarms, which require significant manual effort to improve, such as DidFail tool. In this paper, we show how to analyze Android applications with static analysis to detect and identify which apps can be used to leak out sensitive information of users. We improve DidFail's architecture by implementing more modules and focus on the principles of Inter-Component Communication (ICC) between components in one or cross applications, then combining Android permission rules model to propose eddLeak approach, which enhance DidFail's precision of detecting inter-app leakage on Android applications and evaluate on customized application datasets.