Ghera: A Repository of Android App Vulnerability Benchmarks

Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android platform due to openness and ubiquitousness of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera.Comment: 10 pages. Accepted at PROMISE'1

Neural-Augmented Static Analysis of Android Communication

We address the problem of discovering communication links between applications in the popular Android mobile operating system, an important problem for security and privacy in Android. Any scalable static analysis in this complex setting is bound to produce an excessive amount of false-positives, rendering it impractical. To improve precision, we propose to augment static analysis with a trained neural-network model that estimates the probability that a communication link truly exists. We describe a neural-network architecture that encodes abstractions of communicating objects in two applications and estimates the probability with which a link indeed exists. At the heart of our architecture are type-directed encoders (TDE), a general framework for elegantly constructing encoders of a compound data type by recursively composing encoders for its constituent types. We evaluate our approach on a large corpus of Android applications, and demonstrate that it achieves very high accuracy. Further, we conduct thorough interpretability studies to understand the internals of the learned neural networks.Comment: Appears in Proceedings of the 2018 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE

I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks

Plasma Membrane Compartmentalization of D2 Dopamine Receptors

Plasma membrane microcompartments could allow different signaling pathways to operate more efficiently and prevent cross-talk. We utilized a novel in-cell biotin transfer assay to demonstrate that the majority of plasma membrane-expressed D2 dopamine receptor (D2R) is microcompartmentalized within detergent-resistant structures. Conversely, a minority of D2R existed in a detergent-soluble form and interacted in a relatively unrestricted manner with other cellular proteins. The microcompartmentalization of D2R had functional consequences because dopamine-induced internalization of D2R was largely restricted to the compartmentalized receptor. The D2R-containing microcompartments did not correspond to putative detergent-resistant lipid raft structures. First, the detergent-insoluble D2R structures were significantly denser than detergent-resistant membrane fragments containing flotillin, a widely utilized lipid raft marker protein. Second, the detergent solubility of D2R was unaffected by treatment of cells with the cholesterol chelating agent, methyl-β-cyclodextrin, that is thought to disrupt lipid rafts. Finally, the in-cell biotinylation assay did not provide any evidence for the membrane compartmentalization of peptide motifs thought to target to lipid rafts. Thus, our observations form one of the first demonstrations, in living cells, of plasma membrane microcompartments defined by the ability of the compartment structure to broadly restrict the interaction of resident molecules with other cellular proteins

Communicating in a Socially-Aware Network: Impact of Relationship Types

Communication networks are linked to and influenced by human interactions. Socially aware systems should integrate these complex relationship patterns in the network design. This paper studies the impact of friendship and antagonistic relationships between individuals on optimal network propagation policies. We develop a network propagation model for signed networks and determine the optimal policies to influence a target node with an opinion while minimizing the total number of persons against it. We also provide extensions to this problem to elaborate on the impact of network parameters, such as minimum-delay propagation, while limiting the number of persons influenced against the idea before reaching the target. We provide numerical evaluations in a synthetic setup as well as the Epinions online social dataset. We demonstrate that propagation schemes with social and influence-centric constraints should take into account the relationship types in network design

Boosting Static Analysis of Android Apps through Code Instrumentation

Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis

AnFlo: Detecting anomalous sensitive information flows in Android apps

Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled by an app which is vulnerable or malicious. Existing approaches that detect anomalous sensitive data flows have limitations in terms of accuracy because the definition of anomalous flows may differ for different apps with different functionalities; it is normal for "Health" apps to share heart rate information through the Internet but is anomalous for "Travel" apps. In this paper, we propose a novel approach to detect anomalous sensitive data flows in Android apps, with improved accuracy. To achieve this objective, we first group trusted apps according to the topics inferred from their functional descriptions. We then learn sensitive information flows with respect to each group of trusted apps. For a given app under analysis, anomalies are identified by comparing sensitive information flows in the app against those flows learned from trusted apps grouped under the same topic. In the evaluation, information flow is learned from 11,796 trusted apps. We then checked for anomalies in 596 new (benign) apps and identified 2 previously-unknown vulnerable apps related to anomalous flows. We also analyzed 18 malware apps and found anomalies in 6 of them