DroidRista: a highly precise static data flow analysis framework for android applications

Abstract

The Android operating system dominates the smartphone market. Thus, to service the market, the number of Android applications has risen dramatically. These applications are processing a great amount of sensitive data, which could result in various concerns including data leakage and privacy violations. For example, applications may misuse the sensitive data stored on Android devices and violate the privacy of the user. Therefore, it is essential to maintain user privacy and protect sensitive data from leakage. Static data flow analysis approaches are used for analyzing Android applications to uncover security and privacy issues. However, these approaches frequently generate false alarms, given the different challenges created by Android applications, such as inter-component communication (ICC), reflection, and implicit flow. This work presents the DroidRista approach for conducting static data flow analysis on Android applications to detect sensitive data leakage. DroidRista analyzes ICC, reflection, and implicit flow in Android applications. To evaluate the performance of DroidRista, it was tested on three data sets. The results demonstrate improved performance in terms of detecting data leakage compared to existing static data flow analysis approaches.