I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
This work addresses privacy risks for Android users by providing a more accurate tool for detecting data leaks, though it is incremental, as it builds on existing static analysis methods.
The paper tackles the problem of privacy leaks in Android apps by developing IccTA, a static taint analysis tool that detects inter-component data flows with improved precision, achieving 95.0% precision and 82.6% recall on DroidBench and identifying 147 leaks in real-world apps with 88.4% precision.
Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks.
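To illustrate why the abstract stresses inter-component flows, the following added example (not code from the paper and not IccTA's implementation) runs a simplified taint analysis over a constructed two-component app. The component names, the statement format, and the choice of source and sink APIs are assumptions made for the illustration.

```python
from collections import defaultdict

SOURCES = {"getDeviceId"}              # assumed privacy source
SINKS = {"sendTextMessage", "Log.i"}   # assumed sinks

# Constructed toy app: each component is a list of simplified statements.
APP = {
    "SmsActivity": [
        ("get_extra", "a", "id"),         # a = getIntent().getStringExtra("id")
        ("get_extra", "b", "msg"),
        ("invoke", "sendTextMessage", "a"),
        ("invoke", "Log.i", "b"),
    ],
    "MainActivity": [
        ("call", "imei", "getDeviceId"),  # imei = getDeviceId()
        ("put_extra", "i", "id", "imei"),
        ("put_extra", "i", "msg", "greeting"),   # greeting is an untainted constant
        ("start", "i", "SmsActivity"),    # startActivity(i), explicit target
    ],
}

def find_leaks(app, link_components=True):
    """Return sorted (source_component, sink_component, sink_api) tuples."""
    incoming = defaultdict(dict)   # component -> {extra key: origin components}
    leaks = set()
    changed = True
    while changed:                 # repeat until the inter-component facts stabilise
        changed = False
        for name, stmts in app.items():
            taint = defaultdict(set)     # variable -> components where taint originated
            extras = defaultdict(dict)   # intent variable -> {key: origins}
            for st in stmts:
                if st[0] == "call" and st[2] in SOURCES:
                    taint[st[1]].add(name)
                elif st[0] == "put_extra":
                    extras[st[1]][st[2]] = set(taint[st[3]])
                elif st[0] == "start" and link_components:
                    for key, origins in extras[st[1]].items():
                        known = incoming[st[2]].setdefault(key, set())
                        if not origins <= known:   # new taint reaches the target
                            known |= origins
                            changed = True
                elif st[0] == "get_extra":
                    taint[st[1]] |= incoming[name].get(st[2], set())
                elif st[0] == "invoke" and st[1] in SINKS:
                    leaks |= {(src, name, st[1]) for src in taint[st[2]]}
    return sorted(leaks)

if __name__ == "__main__":
    print("per-component only:", find_leaks(APP, link_components=False))
    print("components linked: ", find_leaks(APP))
```

Analysed in isolation, neither component contains both a source and a sink, so nothing is reported. Once the intent is followed into its target, the device-ID flow to `sendTextMessage` appears, while the untainted `msg` extra reaching `Log.i` is not flagged.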