Detect Sensitive Data Leakage via Inter-application on Android by Using Static Analysis and Dynamic Analysis

Abstract

Mobile malwares (especially spyware) target heavily Android operating system. Data is leaked if it exists a sensitive data flow (Data propagation from sensitive source to critical sink). Usually, a sensitive data flow is executed by a chain of actions. In most cases, sensitive data flows are begun and finished in the same application. However, there exist cases where these flows can pass to multi-applications by using inter-application communication. Standalone application analysis can not detect such data flows. Static analysis faces limitations when malware code is obfuscated. Besides, certain actions only take place when receiving input from user. It means that the information related to sensitive data flows is depended on the input data. Which is not available at analysis time when using static analysis technique. In this study, we propose uitHyDroid system that allows to detect sensitive data leakage via multi-applications by using hybrid analysis. uitHyDroid uses static analysis to collect sensitive data flows in each application. Meanwhile, dynamic analysis is used to capture inter-application communications. In this study, to evaluate our approach, we use the extended of DroidBench dataset and applications downloaded from GooglePlay. The experimental results show that almost of sensitive data leakages in the first dataset are correctly detected. Beside that, the proposed system detects several malwares in real-world applications.