Abstract

Android is currently the most popular smartphone operating system in use, with its success attributed to the large number of applications available from the Google Play Store. However, these applications contain issues relating to the storage of the user's sensitive data, including contacts, location, and the phone's unique identifier (IMEI). Use of these applications therefore risks exfiltration of this data, including unauthorized tracking of users' behavior and violation of their privacy. Sensitive data leaks are currently detected with taint analysis approaches. This paper addresses these issues by proposing a new static taint analysis framework specifically for Android platforms, termed "B-Droid". B-Droid is based on static taint analysis using a large set of sources and sinks, side by side with the fuzz testing concept, in order to detect privacy leaks, whether malicious or unintentional, by analysing the behavior of Applications Under Test (AUTs). This has the potential to offer improved precision in comparison to earlier approaches. To ensure the quality of our analysis, we undertook an evaluation testing a variety of Android applications installed on a mobile device after filtering according to the relevant permissions. We found that B-Droid efficiently detected five of the most prevalent commercial spyware applications on the market, as well as issuing an immediate warning to the user, so that they can decide not to continue with the AUTs. This paper provides a detailed analysis of this method, along with its implementation and results.

Highlights

  • Android's market share of mobile phones grew to 74.6% in 2020 [1]

  • We integrate the open source FlowDroid tool [9] as a module into our B-Droid platform, followed by double checking the results during the third stage, using a fuzz testing module for the Applications Under Test (AUT)

  • The future of application analysis lies in the incorporation of several techniques, all of which must work in tandem to reduce their respective weaknesses and turn their integration into a strength


Summary

Introduction

Android's market share of mobile phones grew to 74.6% in 2020 [1]. There remains considerable concern that popular Android apps tend to leak sensitive information about the user, i.e. phone number, the ID of the mobile device, location, and details of the Subscriber Identity Module (SIM) card. A major contributor to user data leaks is advertisement libraries, included by some applications to earn money, often enabling the applications to be free to use [2]. These libraries permit advertisements to target a user's private information and identify him or her through unique identifiers (e.g. the MAC address and IMEI) as well as location or country [3]. We provide the theoretical background to the present study, including an overview of Android systems, taint analysis, mobile malware, and the fuzz testing concept. An Activity refers to the parts of the Android app visible to the user, forming the user interface.
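
To make the source-to-sink idea behind static taint analysis concrete, the following added example (not code from B-Droid, FlowDroid or the paper) runs a flow-sensitive taint pass over a tiny constructed instruction list. The toy IR, the names `find_leaks` and `_update`, and the short source/sink lists are assumptions made for illustration; the Android API names are real.

```python
# Added illustration; not B-Droid or FlowDroid code. The toy IR and the short
# source/sink lists are assumptions; the Android API names themselves are real.
SOURCES = {
    "TelephonyManager.getDeviceId",          # IMEI
    "LocationManager.getLastKnownLocation",  # location
    "ContentResolver.query",                 # contacts
}
SINKS = {"SmsManager.sendTextMessage", "Log.d", "OutputStream.write"}


def _update(taint, var, origins):
    """Strong update: var now carries exactly `origins` (empty means clean)."""
    if origins:
        taint[var] = set(origins)
    else:
        taint.pop(var, None)


def find_leaks(stmts):
    """Flow-sensitive forward taint pass over straight-line code. Statements:
    ("const", dst), ("assign", dst, src), ("call", dst_or_None, api, [args]).
    Returns a list of (stmt_index, sink_api, source_api)."""
    taint, leaks = {}, []  # taint: variable -> source APIs it may carry
    for i, stmt in enumerate(stmts):
        if stmt[0] == "const":
            _update(taint, stmt[1], set())
        elif stmt[0] == "assign":
            _update(taint, stmt[1], taint.get(stmt[2], set()))
        elif stmt[0] == "call":
            _, dst, api, args = stmt
            incoming = set().union(*(taint.get(a, set()) for a in args))
            if api in SINKS:  # tainted argument reaches a sink: report it
                leaks += [(i, api, src) for src in sorted(incoming)]
            if dst is not None:  # result carries argument taint plus own source
                _update(taint, dst, incoming | ({api} & SOURCES))
    return leaks


# Constructed sample program (not taken from any real app).
SAMPLE = [
    ("call", "imei", "TelephonyManager.getDeviceId", []),
    ("call", "loc", "LocationManager.getLastKnownLocation", ["provider"]),
    ("assign", "msg", "imei"),
    ("call", "body", "String.concat", ["msg", "suffix"]),
    ("const", "imei"),                         # imei overwritten: taint killed
    ("call", None, "Log.d", ["tag", "imei"]),  # clean now, no report
    ("call", None, "SmsManager.sendTextMessage", ["dest", "body"]),  # leak
]
print(find_leaks(SAMPLE))
```

A flow-insensitive analysis would also flag the `Log.d` call, because `imei` was tainted at some point in the program; tracking statement order is one way a static analysis gains precision.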
