Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework

Dawoud, Abdallah; Bugiel, Sven

doi:10.14722/ndss.2021.23106

Cited by 20 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Dynamo tool [85] takes a different approach by developing a testing service as a standalone fuzzing app. Their approach uses Frida in combination with their fuzzing app to test the API of the framework.…”

Section: A Fuzzing Os and Framework Componentsmentioning

confidence: 99%

Dynamic Security Analysis on Android: A Systematic Literature Review

Sutter,

Kehrer,

Rennhard

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Dynamic analysis is a technique that is used to fully understand the internals of a system at runtime. On Android, dynamic security analysis involves real-time assessment and active adaptation of an app's behaviour, and is used for various tasks, including network monitoring, system-call tracing, and taint analysis. The research on dynamic analysis has made significant progress in the past years. However, to the best of our knowledge, there is a lack in secondary studies that analyse the novel ideas and common limitations of current security research. The main aim of this work is to understand dynamic security analysis research on Android to present the current state of knowledge, highlight research gaps, and provide insights into the existing body of work in a structured and systematic manner. We conduct a systematic literature review (SLR) on dynamic security analysis for Android. The systematic review establishes a taxonomy, defines a classification scheme, and explores the impact of advanced Android app testing tools on security solutions in software engineering and security research. The study's key findings centre on tool usage, research objectives, constraints, and trends. Instrumentation and network monitoring tools play a crucial role, with research goals focused on app security, privacy, malware detection, and software testing automation. Identified limitations include code coverage constraints, security-related analysis obstacles, app selection adequacy, and non-deterministic behaviour. Our study results deepen the understanding of dynamic analysis in Android security research by an indepth review of 43 publications. The study highlights recurring limitations with automated testing tools and concerns about detecting or obstructing dynamic analysis.

show abstract

Section: A Fuzzing Os and Framework Componentsmentioning

confidence: 99%

Dynamic Security Analysis on Android: A Systematic Literature Review

Sutter,

Kehrer,

Rennhard

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…As discussed in SO post #20740632 [17], app developers can hardly realize the above changes. What is more, there are no official documentations providing the precise API-DP mappings for each Android version and highlighting the changes across versions [30,31]. Therefore, if an app uses an API whose permission specification has undergone changes, it may crash when invoking such an API on certain incompatible platforms (Type 2 issues).…”

Section: Non-library-interfered Arp Issuesmentioning

confidence: 99%

“…Inferring API-permission mappings. Several approaches [6,18,30,31,[58][59][60][61] were proposed to infer the mappings between permissions and Android APIs via performing static analysis on Android framework. Felt et al [1] proposed a technique Stowaway to construct permission specification, which used test generation to exercise Android APIs, and modified the internal permission check mechanism to log all permission checks on Android 2.2.…”

Section: Related Workmentioning

confidence: 99%

Runtime Permission Issues in Android Apps: Taxonomy, Practices, and Ways Forward

Wang¹,

Wang²,

Wang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Android introduces a new permission model that allows apps to request permissions at runtime rather than at the installation time since 6.0 (Marshmallow, API level 23). While this runtime permission model provides users with greater flexibility in controlling an app's access to sensitive data and system features, it brings new challenges to app development. First, as users may grant or revoke permissions at any time while they are using an app, developers need to ensure that the app properly checks and requests required permissions before invoking any permission-protected APIs. Second, Android's permission mechanism keeps evolving and getting customized by device manufacturers. Developers are expected to comprehensively test their apps on different Android versions and device models to make sure permissions are properly requested in all situations. Unfortunately, these requirements are often impractical for developers. In practice, many Android apps suffer from various runtime permission issues (ARP issues). While existing studies have explored ARP issues, the understanding of such issues is still preliminary. To better characterize ARP issues, we performed an empirical study using 135 Stack Overflow posts that discuss ARP issues and 199 real ARP issues archived in popular open-source Android projects on GitHub. Via analyzing the data, we observed 11 types of ARP issues that commonly occur in Android apps. For each type of issues, we systematically studied: (1) how they can be manifested, (2) how pervasive and serious they are in real-world apps, and (3) how they can be fixed. We also analyzed the evolution trend of different types of issues from 2015 to 2020 to understand their impact on the Android ecosystem. Furthermore, we conducted a field survey and in-depth interviews among practitioners, to gain insights from industrial practices and learn practitioners' requirements of tools that can help combat ARP issues. Finally, to understand the strengths and weaknesses of the existing ARP issue detectors, we built ARPBENCH, an open benchmark consisting of 94 real ARP issues, and evaluated the performance of three available ARP issue detectors. The experimental results indicate that the existing tools have very limited supports for detecting our observed issue types and report a large number of false alarms. We further analyzed the tools' limitations and summarized the challenges of designing an effective ARP issue detection technique. We hope that our findings can shed light on future research and provide useful guidance to practitioners.

show abstract