Measuring the risk value of sensitive dataflow path in Android applications

Abstract

AbstractNowadays, smartphones carry large amounts of user privacy and sensitive data. With the popularity of the Android operating system, the cases of sensitive date leakage in Android applications are on the rise and are causing a great loss to Android users. In order to mitigate this condition, static and dynamic taint analysis are applied to precisely detect sensitive data leakages. These approaches cannot distinguish sensitive data leakages in benign apps from the ones in malicious apps. Recently, the difference on sensitive data flows between benign apps and malicious apps has been found to be significant. In this paper, we further find that there exists great difference between benign and malicious apps on the frequencies of sensitive dataflow paths. This difference can be used to enforce a risk value over every sensitive dataflow path. This risk value can guide the identification of sensitive data leakages in malicious apps. We present RISKPATH, a tool that automatically calculates the risk values for sensitive dataflow paths in Android applications. Applying the result of RISKPATH to MUDFLOW framework, we increase the true positive rate of malware detection by 3.96–6.54% on different datasets with reasonable increase in time and memory consumption. Copyright © 2017 John Wiley & Sons, Ltd.