Title | An Automated Pipeline for Privacy Leak Analysis of Android Applications |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Conference Name | 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE) |
Date Published | nov |
Keywords | Android permission, composability, dynamic analysis, Human Behavior, mobile application security, Pipelines, privacy, privacy leak, pubcrawl, resilience, Resiliency, software engineering, static analysis, taint analysis, telecommunication traffic |
Abstract | We propose an automated pipeline for analyzing privacy leaks in Android applications. By using a combination of dynamic and static analysis, we validate the results from each other to improve accuracy. Compared to the state-of-the-art approaches, we not only capture the network traffic for analysis, but also look into the data flows inside the application. We particularly focus on the privacy leakage caused by third-party services and high-risk permissions. The proposed automated approach will combine taint analysis, permission analysis, network traffic analysis, and dynamic function tracing during run-time to identify private information leaks. We further implement an automatic validation and complementation process to reduce false positives. A small-scale experiment has been conducted on 30 Android applications and a large-scale experiment on more than 10,000 Android applications is in progress. |
DOI | 10.1109/ASE51524.2021.9678875 |
Citation Key | zhou_automated_2021 |