Execution Recording and Reconstruction for Detecting Information Flows in Android Apps
Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution...
Gespeichert in:
| Veröffentlicht in: | IEEE access 2023-01, Vol.11, p.1-1 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 1 |
|---|---|
| container_issue | |
| container_start_page | 1 |
| container_title | IEEE access |
| container_volume | 11 |
| creator | Inayoshi, Hiroki Kakei, Shohei Saito, Shoichi |
| description | Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution paths. However, they depend on specific Android versions and modified devices, reducing their usability and applicability. In addition, they require app exercise every time running the taint analysis. This paper presents a new dynamic taint tracker called T-Recs, tracking information flows by recording and reconstructing the app execution. First, before the taint analysis, the app's runtime data are obtained by instrumenting logging code into the app's bytecode and running the app to be independent of specific Android versions and devices. Then, T-Recs performs the taint analysis accurately with the logged data and separately from the app exercise. This paper is an extended version of our work published. Previously, T-Recs' accuracy was mainly evaluated in privacy leak detection. The results show that T-Recs outperforms compared analyzers, which are FlowDroid (w/ and w/o IC3), Amandroid, DroidSafe, and TaintDroid (w/ and w/o IntelliDroid). This paper also involves DroidRA and IccTA. This paper shows that T-Recs detects ICC- and reflection-related leaks missed by FlowDroid in popular Google Play apps. The other static analyzers fail to analyze most of the apps. These experiments also indicate an advantage of T-Recs: its users can re-execute T-Recs' taint analysis without re-exercising the app. T-Recs' app-runtime overhead and parallel execution performance were also evaluated, and the results are acceptable. |
| doi_str_mv | 10.1109/ACCESS.2023.3240724 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_10032128</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10032128</ieee_id><doaj_id>oai_doaj_org_article_94e94a9179a8446c8919b3cd153c6511</doaj_id><sourcerecordid>2774334173</sourcerecordid><originalsourceid>FETCH-LOGICAL-c409t-52657e5a6010bbdcfe4a91e296c041f69259db43313a53dbf80bb4985b5aa61c3</originalsourceid><addsrcrecordid>eNpNUV1LwzAUDaLgmPsF-lDwuTPfbR5L3XQwEJz6GtIkHR1bU5MO9d-btSK7L7nn3nNOLhwAbhGcIwTFQ1GWi81mjiEmc4IpzDC9ABOMuEgJI_zyrL8GsxB2MFYeRyybgI_Ft9XHvnFt8mq186Zpt4lqzYDa0PujHpa188mj7W1EkbBqIz6oYbPcu6-QNG1StMa7xiRF14UbcFWrfbCzv3cK3peLt_I5Xb88rcpinWoKRZ8yzFlmmeIQwaoyurZUCWSx4BpSVHOBmTAVJQQRxYip6jzSqMhZxZTiSJMpWI2-xqmd7HxzUP5HOtXIYeD8VirfN3pvpaBWnNwzoXJKuc4FEhXRBjGiOUMoet2PXp13n0cberlzR9_G8yXOsngERRmJLDKytHcheFv__4qgPOUhxzzkKQ_5l0dU3Y2qxlp7poAEI5yTX2LUhZc</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2774334173</pqid></control><display><type>article</type><title>Execution Recording and Reconstruction for Detecting Information Flows in Android Apps</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Inayoshi, Hiroki ; Kakei, Shohei ; Saito, Shoichi</creator><creatorcontrib>Inayoshi, Hiroki ; Kakei, Shohei ; Saito, Shoichi</creatorcontrib><description>Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution paths. However, they depend on specific Android versions and modified devices, reducing their usability and applicability. In addition, they require app exercise every time running the taint analysis. This paper presents a new dynamic taint tracker called T-Recs, tracking information flows by recording and reconstructing the app execution. First, before the taint analysis, the app's runtime data are obtained by instrumenting logging code into the app's bytecode and running the app to be independent of specific Android versions and devices. Then, T-Recs performs the taint analysis accurately with the logged data and separately from the app exercise. This paper is an extended version of our work published. Previously, T-Recs' accuracy was mainly evaluated in privacy leak detection. The results show that T-Recs outperforms compared analyzers, which are FlowDroid (w/ and w/o IC3), Amandroid, DroidSafe, and TaintDroid (w/ and w/o IntelliDroid). This paper also involves DroidRA and IccTA. This paper shows that T-Recs detects ICC- and reflection-related leaks missed by FlowDroid in popular Google Play apps. The other static analyzers fail to analyze most of the apps. These experiments also indicate an advantage of T-Recs: its users can re-execute T-Recs' taint analysis without re-exercising the app. T-Recs' app-runtime overhead and parallel execution performance were also evaluated, and the results are acceptable.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2023.3240724</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Analyzers ; Android security ; Androids ; Applications programs ; Codes ; Information flow ; Internet ; Leak detection ; Performance evaluation ; Privacy ; privacy leak detection ; Recording ; Runtime ; taint analysis ; Target tracking ; Usability</subject><ispartof>IEEE access, 2023-01, Vol.11, p.1-1</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c409t-52657e5a6010bbdcfe4a91e296c041f69259db43313a53dbf80bb4985b5aa61c3</citedby><cites>FETCH-LOGICAL-c409t-52657e5a6010bbdcfe4a91e296c041f69259db43313a53dbf80bb4985b5aa61c3</cites><orcidid>0000-0003-3355-8804 ; 0000-0003-3103-9656 ; 0000-0003-3137-4956</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10032128$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,776,780,860,2095,27612,27903,27904,54912</link.rule.ids></links><search><creatorcontrib>Inayoshi, Hiroki</creatorcontrib><creatorcontrib>Kakei, Shohei</creatorcontrib><creatorcontrib>Saito, Shoichi</creatorcontrib><title>Execution Recording and Reconstruction for Detecting Information Flows in Android Apps</title><title>IEEE access</title><addtitle>Access</addtitle><description>Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution paths. However, they depend on specific Android versions and modified devices, reducing their usability and applicability. In addition, they require app exercise every time running the taint analysis. This paper presents a new dynamic taint tracker called T-Recs, tracking information flows by recording and reconstructing the app execution. First, before the taint analysis, the app's runtime data are obtained by instrumenting logging code into the app's bytecode and running the app to be independent of specific Android versions and devices. Then, T-Recs performs the taint analysis accurately with the logged data and separately from the app exercise. This paper is an extended version of our work published. Previously, T-Recs' accuracy was mainly evaluated in privacy leak detection. The results show that T-Recs outperforms compared analyzers, which are FlowDroid (w/ and w/o IC3), Amandroid, DroidSafe, and TaintDroid (w/ and w/o IntelliDroid). This paper also involves DroidRA and IccTA. This paper shows that T-Recs detects ICC- and reflection-related leaks missed by FlowDroid in popular Google Play apps. The other static analyzers fail to analyze most of the apps. These experiments also indicate an advantage of T-Recs: its users can re-execute T-Recs' taint analysis without re-exercising the app. T-Recs' app-runtime overhead and parallel execution performance were also evaluated, and the results are acceptable.</description><subject>Analyzers</subject><subject>Android security</subject><subject>Androids</subject><subject>Applications programs</subject><subject>Codes</subject><subject>Information flow</subject><subject>Internet</subject><subject>Leak detection</subject><subject>Performance evaluation</subject><subject>Privacy</subject><subject>privacy leak detection</subject><subject>Recording</subject><subject>Runtime</subject><subject>taint analysis</subject><subject>Target tracking</subject><subject>Usability</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUV1LwzAUDaLgmPsF-lDwuTPfbR5L3XQwEJz6GtIkHR1bU5MO9d-btSK7L7nn3nNOLhwAbhGcIwTFQ1GWi81mjiEmc4IpzDC9ABOMuEgJI_zyrL8GsxB2MFYeRyybgI_Ft9XHvnFt8mq186Zpt4lqzYDa0PujHpa188mj7W1EkbBqIz6oYbPcu6-QNG1StMa7xiRF14UbcFWrfbCzv3cK3peLt_I5Xb88rcpinWoKRZ8yzFlmmeIQwaoyurZUCWSx4BpSVHOBmTAVJQQRxYip6jzSqMhZxZTiSJMpWI2-xqmd7HxzUP5HOtXIYeD8VirfN3pvpaBWnNwzoXJKuc4FEhXRBjGiOUMoet2PXp13n0cberlzR9_G8yXOsngERRmJLDKytHcheFv__4qgPOUhxzzkKQ_5l0dU3Y2qxlp7poAEI5yTX2LUhZc</recordid><startdate>20230101</startdate><enddate>20230101</enddate><creator>Inayoshi, Hiroki</creator><creator>Kakei, Shohei</creator><creator>Saito, Shoichi</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-3355-8804</orcidid><orcidid>https://orcid.org/0000-0003-3103-9656</orcidid><orcidid>https://orcid.org/0000-0003-3137-4956</orcidid></search><sort><creationdate>20230101</creationdate><title>Execution Recording and Reconstruction for Detecting Information Flows in Android Apps</title><author>Inayoshi, Hiroki ; Kakei, Shohei ; Saito, Shoichi</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c409t-52657e5a6010bbdcfe4a91e296c041f69259db43313a53dbf80bb4985b5aa61c3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Analyzers</topic><topic>Android security</topic><topic>Androids</topic><topic>Applications programs</topic><topic>Codes</topic><topic>Information flow</topic><topic>Internet</topic><topic>Leak detection</topic><topic>Performance evaluation</topic><topic>Privacy</topic><topic>privacy leak detection</topic><topic>Recording</topic><topic>Runtime</topic><topic>taint analysis</topic><topic>Target tracking</topic><topic>Usability</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Inayoshi, Hiroki</creatorcontrib><creatorcontrib>Kakei, Shohei</creatorcontrib><creatorcontrib>Saito, Shoichi</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Inayoshi, Hiroki</au><au>Kakei, Shohei</au><au>Saito, Shoichi</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Execution Recording and Reconstruction for Detecting Information Flows in Android Apps</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2023-01-01</date><risdate>2023</risdate><volume>11</volume><spage>1</spage><epage>1</epage><pages>1-1</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Security researchers utilize taint analyses to uncover suspicious behaviors in Android apps. Current static taint analyzers cannot handle ICC, reflection, and lifecycles dependably, increasing the result verification cost. On the other hand, current dynamic taint trackers accurately detect execution paths. However, they depend on specific Android versions and modified devices, reducing their usability and applicability. In addition, they require app exercise every time running the taint analysis. This paper presents a new dynamic taint tracker called T-Recs, tracking information flows by recording and reconstructing the app execution. First, before the taint analysis, the app's runtime data are obtained by instrumenting logging code into the app's bytecode and running the app to be independent of specific Android versions and devices. Then, T-Recs performs the taint analysis accurately with the logged data and separately from the app exercise. This paper is an extended version of our work published. Previously, T-Recs' accuracy was mainly evaluated in privacy leak detection. The results show that T-Recs outperforms compared analyzers, which are FlowDroid (w/ and w/o IC3), Amandroid, DroidSafe, and TaintDroid (w/ and w/o IntelliDroid). This paper also involves DroidRA and IccTA. This paper shows that T-Recs detects ICC- and reflection-related leaks missed by FlowDroid in popular Google Play apps. The other static analyzers fail to analyze most of the apps. These experiments also indicate an advantage of T-Recs: its users can re-execute T-Recs' taint analysis without re-exercising the app. T-Recs' app-runtime overhead and parallel execution performance were also evaluated, and the results are acceptable.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2023.3240724</doi><tpages>1</tpages><orcidid>https://orcid.org/0000-0003-3355-8804</orcidid><orcidid>https://orcid.org/0000-0003-3103-9656</orcidid><orcidid>https://orcid.org/0000-0003-3137-4956</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2169-3536 |
| ispartof | IEEE access, 2023-01, Vol.11, p.1-1 |
| issn | 2169-3536 2169-3536 |
| language | eng |
| recordid | cdi_ieee_primary_10032128 |
| source | IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
| subjects | Analyzers Android security Androids Applications programs Codes Information flow Internet Leak detection Performance evaluation Privacy privacy leak detection Recording Runtime taint analysis Target tracking Usability |
| title | Execution Recording and Reconstruction for Detecting Information Flows in Android Apps |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T07%3A44%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Execution%20Recording%20and%20Reconstruction%20for%20Detecting%20Information%20Flows%20in%20Android%20Apps&rft.jtitle=IEEE%20access&rft.au=Inayoshi,%20Hiroki&rft.date=2023-01-01&rft.volume=11&rft.spage=1&rft.epage=1&rft.pages=1-1&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2023.3240724&rft_dat=%3Cproquest_ieee_%3E2774334173%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2774334173&rft_id=info:pmid/&rft_ieee_id=10032128&rft_doaj_id=oai_doaj_org_article_94e94a9179a8446c8919b3cd153c6511&rfr_iscdi=true |