
Heaps'n'Leaks: How Heap Snapshots Improve Android Taint Analysis

conference contribution
posted on 2023-11-29, 18:12 authored by Manuel Benz, Erik Krogh Kristensen, Linghui Luo, Nataniel Pereira Borges Jr., Eric Bodden, Andreas Zeller
The assessment of information flows is an essential part of analyzing Android apps, and is frequently supported by static taint analysis. Its precision, however, can suffer from the analysis not being able to precisely determine what elements a pointer can (and cannot) point to. Recent advances in static analysis suggest that incorporating dynamic heap snapshots, taken at one point at runtime, can significantly improve general static analysis. In this paper, we investigate to what extent this also holds for taint analysis, and how various design decisions, such as when and how many snapshots are collected during execution, and how exactly they are used, impact soundness and precision. We have extended FlowDroid to incorporate heap snapshots, yielding our prototype Heapster, and evaluated it on DroidMacroBench, a novel benchmark comprising real-world Android apps that we also make available as an artifact. The results show (1) the use of heap snapshots lowers analysis time and memory consumption while increasing precision; (2) a very good trade-off between precision and recall is achieved by a mixed-mode in which the analysis falls back to static points-to relations for objects for which no dynamic data was recorded; and (3) while a single heap snapshot (ideally taken at the end of the execution) suffices to improve performance and precision, a better trade-off can be obtained by using multiple snapshots.


Preferred Citation

Manuel Benz, Erik Kristensen, Linghui Luo, Nataniel Jr., Eric Bodden and Andreas Zeller. Heaps'n'Leaks: How Heap Snapshots Improve Android Taint Analysis. In: International Conference on Software Engineering (ICSE). 2020.

Primary Research Area

  • Secure Connected and Mobile Systems

Secondary Research Area

  • Empirical and Behavioral Security

Name of Conference

International Conference on Software Engineering (ICSE)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3030,
  title = "Heaps'n'Leaks: How Heap Snapshots Improve Android Taint Analysis",
  author = "Benz, Manuel and Kristensen, Erik Krogh and Luo, Linghui and Jr., Nataniel Pereira Borges and Bodden, Eric and Zeller, Andreas",
  booktitle = "{International Conference on Software Engineering (ICSE)}",
  year = "2020",
}
