There are many custom Android firmware (custom ROMs) which are shared on the Internet. Several recent studies aim their efforts at analyzing pre-installed applications in these firmware. However, they analyzed separate pre-installed applications. In this study we propose a system, uitXROM, to detect sensitive data leakage in custom Android firmware by analyzing relationships of pre-installed applications. The experimental results show that the system can detect all sensitive data leakage in our custom Android firmware. Secondly, it detects several pre-installed applications which leak sensitive data from 290 custom ROMs downloaded from the Internet.
