A Static Assurance Analysis of Android Applications

TR Number

TR-13-03

Date

2013-07-11

Journal Title

Journal ISSN

Volume Title

Publisher

Department of Computer Science, Virginia Polytechnic Institute & State University

Abstract

We describe an efficient approach to identify malicious Android applications through specialized static program analysis. Our solution – referred to as user intention program dependence analysis – performs offline analysis to find the dependence relations between user triggers and entry points to methods providing critical system functions. Analyzing these types of dependences in programs can identify the privileged operations (e.g., file, network operations and sensitive data access) that are not intended by users. We apply our technique on 708 free popular apps and 482 malware apps for Android OS, and the experimental results show that our technique can differentiate between legitimate and malware applications with high accuracy. We also explain the limitations of the user-intention-based approach and point out the need for practitioners to adopt multiple analysis tools for evaluating the assurance of Android applications.

Description

Keywords

Computer science, Software engineering

Citation