Towards a generic framework for automating extensive analysis of Android applications

Li, Li; Li, Daoyuan; Bartel, Alexandre; Bissyandé, Tegawendé F.; Klein, Jacques; Traon, Yves Le

doi:10.1145/2851613.2851784

Cited by 5 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• We intent to summarize the common parts of conducting code analysis and thereby propose generic frameworks for promoting the reuse of the implementation of fundamental functionalities [32]. For example, we plan to design a Jimple-based Instrumentation Language (JIL) and a solver that interprets JIL descriptions and thus solves instrumentation problems in a generic way [33].…”

Section: Discussionmentioning

confidence: 99%

Mining AndroZoo: A Retrospect

2017

2017 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Abstract-This paper presents a retrospect of an Android app collection named AndroZoo and some research works conducted on top of the collection. AndroZoo is a growing collection of Android apps from various markets including the official Google Play. At the moment, over five million Android apps have been collected. Based on AndroZoo, we have explored several directions that mine Android apps for resolving various challenges. In this work, we summarize those resolved mining challenges in three research dimensions, including code analysis, app evolution analysis, malware analysis, and present in each dimension several case studies that experimentally demonstrate the usefulness of AndroZoo.

show abstract

Section: Discussionmentioning

confidence: 99%

Mining AndroZoo: A Retrospect

2017

2017 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

show abstract

“…(3) Leveraging the information yielded by the RAM module, the BOM module instruments the app and transforms it in a new app where reflective calls are augmented with standard java calls. The objective of BOM is to produce an equivalent app whose analysis by state-of-the-art tools will yield more precise results [24,25]. …”

Section: Taming Reflectionmentioning

confidence: 99%

DroidRA: taming reflection to support whole-program analysis of Android apps

Bissyandé

Octeau

et al. 2016

Proceedings of the 25th International Symposium on Software Testing and Analysis

Self Cite

134

View full text Add to dashboard Cite

Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentationbased approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.

show abstract

“…Furthermore, we have implemented a generic framework called Apkpler [15], which integrates a plugin system to reduce the analysis complexity of Android apps. With the help of Apkpler, FlowDroid can actually benefit from IccTA's output to detect ICC-aware sensitive data leaks.…”

Section: Remaining Workmentioning

confidence: 99%

Boosting static analysis of Android apps through code instrumentation

2016

Proceedings of the 38th International Conference on Software Engineering Companion

Self Cite

View full text Add to dashboard Cite

Towards a generic framework for automating extensive analysis of Android applications

Cited by 5 publications

References 20 publications

Mining AndroZoo: A Retrospect

Mining AndroZoo: A Retrospect

DroidRA: taming reflection to support whole-program analysis of Android apps

Boosting static analysis of Android apps through code instrumentation

Contact Info

Product

Resources

About