Towards a Principled Approach for Dynamic Analysis of Android's Middleware
This work addresses a reproducibility and tooling problem for researchers and developers in Android security analysis, representing an incremental step toward standardized methodologies.
The paper tackles the lack of a common foundation for dynamic analysis of Android's middleware, which hinders comparison and reproducibility, by proposing a unified dynamic analysis platform to enable re-usable solutions and comparable results.
The Android middleware, in particular the so-called systemserver, is a crucial and central component to Android's security and robustness. To understand whether the systemserver provides the demanded security properties, it has to be thoroughly tested and analyzed. A dedicated line of research focuses exclusively on this task. While static analysis builds on established tools, dynamic testing approaches lack a common foundation, which prevents the community from comparing, reproducing, or even re-using existing results from related work. This raises questions about whether the underlying approach of any proposed solution is the only possible or optimal one, if it can be re-used as a building block for future analyses, or whether results generalize. In this work, we argue that in order to steer away from incompatible custom toolchains and towards having comparable analyses with reproducible results, a more principled approach to dynamically analyzing the Android system is required. As an important first step in this direction, we propose a unified dynamic analysis platform that provides re-usable solutions for common challenges as the building blocks for future analyses and allows to compare different approaches under the same assumptions.