Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
Tue 12 Nov 2019 13:40 - 14:00 at Hillcrest - Mobile 2 Chair(s): Myra Cohen

In the past, researchers have developed a number of popular taint-analysis approaches, particularly in the context of Android applications. Numerous studies have shown that automated code analyses are adopted by developers only if they yield a good “signal to noise ratio”, i.e., high precision. Many previous studies have reported analysis precision quantitatively, but this gives little insight into what can and should be done to increase precision further.

To guide future research on increasing precision, we present a comprehensive study that evaluates static Android taint-analysis results on a qualitative level. To unravel the exact nature of taint flows, we have designed COVA, an analysis tool to compute partial path constraints that inform about the circumstances under which taint flows may actually occur in practice.

We have conducted a qualitative study on the taint flows in 1,022 real-world Android applications. Our results reveal several key findings: Many taint flows occur only under specific conditions, e.g., environment settings, user interaction, I/O. Taint analyses should consider the application context to discern such situations. COVA shows that few taint flows are guarded by multiple different kinds of conditions simultaneously, so tools that seek to confirm true positives dynamically can concentrate on one kind at a time, e.g., only simulating user interactions. Lastly, many false positives arise due to a too liberal source/sink configuration. Taint analyses must be more carefully configured, and their configuration could benefit from better tool assistance.

Tue 12 Nov

13:40 - 15:20: Papers - Mobile 2 at Hillcrest
Chair(s): Myra CohenIowa State University
ase-2019-papers13:40 - 14:00
A Qualitative Analysis of Android Taint-Analysis Results
Linghui LuoPaderborn University, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Johannes SpäthFraunhofer IEM
ase-2019-papers14:00 - 14:20
Goal-Driven Exploration for Android Applications
Duling LaiUniversity of British Columbia, Julia RubinUniversity of British Columbia
ase-2019-papers14:20 - 14:40
RANDR: Record and Replay for Android Applications via Targeted Runtime Instrumentation
Onur SahinBoston University, Assel AliyevaBoston University, Hariharan MathavanBoston University, Ayse CoskunBoston University, Manuel EgeleBoston University, USA
ase-2019-Journal-First-Presentations14:40 - 15:00
Specifying Callback Control Flow of Mobile Apps Using Finite Automata
Danilo Dominguez PerezIowa State University, Wei LeIowa State University
Link to publication
ase-2019-papers15:00 - 15:20
MalScan: Fast Market-Wide Mobile Malware Scanning by Social-Network Centrality Analysis
Yueming WuHuazhong University of Science and Technology, Xiaodi LiUniversity of Texas at Dallas, Deqing ZouHuazhong University of Science and Technology, Wei YangUniversity of Texas at Dallas, Xin ZhangHuazhong University of Science and Technology, Hai JinHuazhong University of Science and Technology