CISPA

Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework

conference contribution
posted on 2023-11-29, 18:15 authored by Abdallah Dawoud, Sven Bugiel
Android's application framework plays a crucial part in protecting users' private data and the system integrity. Consequently, it has been the target of various prior works that analyzed its security policy and enforcement. Those works uncovered different security problems, including incomplete documentation, permission re-delegation within the framework, and inconsistencies in access control. However, all but one of those prior works were based on static code analysis. Thus, their results provide a one-sided view that inherits the limitations and drawbacks of applying static analysis to the vast, complex code base of the application framework. Even more, the performances of different security applications---including malware classification and least-privileged apps---depend on those analysis results, but those applications are currently tarnished by imprecise and incomplete results as a consequence of this imbalanced analysis methodology. To complement and refine this methodology and consequently improve the applications that are dependent on it, we add dynamic analysis of the application framework to the current research landscape and demonstrate the necessity of this move for improving the quality of prior results and advancing the field. Applying our solution, called Dynamo, to four prominent use-cases from the literature and taking a synoptical view on the results, we verify but also refute and extend the existing results of prior static analysis solutions. From the manual investigation of the root causes of discrepancies between results, we draw new insights and expert knowledge that can be valuable in improving both static and dynamic testing of the application framework.

Preferred Citation

Abdallah Dawoud and Sven Bugiel. Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. In: Network and Distributed System Security Symposium (NDSS). 2021.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Network and Distributed System Security Symposium (NDSS)

Legacy Posted Date

2021-01-07

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3340,
  title = "Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework",
  author = "Dawoud, Abdallah and Bugiel, Sven",
  booktitle = "{Network and Distributed System Security Symposium (NDSS)}",
  year = "2021",
}
