ConsiDroid: A Concolic-based Tool for Detecting SQL Injection Vulnerability in Android Apps
This work addresses security vulnerabilities in Android apps for developers and users, but it is incremental as it builds on existing concolic execution and taint analysis methods.
The authors tackled the problem of detecting SQL injection vulnerabilities in Android apps by developing ConsiDroid, a concolic execution-based tool that integrates taint analysis and static analysis, and they found three vulnerable apps out of 140 tested from the F-Droid repository.
In this paper, we present a concolic execution technique for detecting SQL injection vulnerabilities in Android apps, with a new tool we called ConsiDroid. We extend the source code of apps with mocking technique, such that the execution of original source code is not affected. The extended source code can be treated as Java applications and may be executed by SPF with concolic execution. We automatically produce a DummyMain class out of static analysis such that the essential functions are called sequentially and, the events leading to vulnerable functions are triggered. We extend SPF with taint analysis in ConsiDroid. For making taint analysis possible, we introduce a new technique of symbolic mock classes in order to ease the propagation of tainted values in the code. An SQL injection vulnerability is detected through receiving a tainted value by a vulnerable function. Besides, ConsiDroid takes advantage of static analysis to adjust SPF in order to inspect only suspicious paths. To illustrate the applicability of ConsiDroid, we have inspected randomly selected 140 apps from F-Droid repository. From these apps, we found three apps vulnerable to SQL injection. To verify their vulnerability, we analyzed the apps manually based on ConsiDroid's reports by using Robolectric.