An efficient approach for taint analysis of android applications

Abstract

In recent years, sensitive data leaks of Android system attracted significant attention. The traditional facilities proposed for detecting these leaks, i.e. taint analysis, mostly focus on the precision and recall of the result with few of them addressing the importance of the cost and efficiency. As a matter of fact, the high costs of these tools often make them fail in analyzing large-scale apps and thus block them from wide usage in practice. In this paper, we propose FastDroid, an efficient and precise approach for taint analysis in Android apps with flow and context-sensitivity. First, upon groups of taint rules, a preliminary flow-insensitive taint analysis is conducted to construct the taint value graph which is an abstraction defined to describe the process of taint propagation in an app. Then, potential taint flows are extracted from the taint value graphs and further checked on the control flow graph to acquire the real taint flows. FastDroid is evaluated on the benchmark DroidBench, 1517 apps from Google Play store and 1022 apps from AndroZoo. The results show that the F-measure scores of FastDroid on DroidBench 2.0 and 3.0 are 0.89 and 0.75 respectively, the performance is better than the state-of-the-art tool FlowDroid. Further, a comparison on runtime with FlowDroid shows that FastDroid improves the efficiency significantly.