FlowDroid – Taint Analysis

FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android, we aim for an analysis with very high recall and precision. To achieve this goal we had to overcome two main challenges: to increase precision we needed to build an analysis that is context-, flow-, field- and object-sensitive; to increase recall we had to create a complete model of Android’s app lifecycle.

Our analysis is based on Soot and Heros. FlowDroid uses a very precise callgraph which helps us to ensure flow- and context-sensitivity. Its IFDS-based flow functions guarantee field- and object-sensitivity. Because an accurate and efficient alias search is crucial for context-sensitivity in conjunction with field-sensitivity, we want to highlight this part of our analysis, which is inspired by Andromeda. The following code example shows how our approach tracks aliases:
[Figure: aliasFlow, the alias-tracking code example]
We want to analyze whether there is a connection from the source to the sink. We start with the first line of the main method and analyze each statement successively. Note that in (3) a taint is assigned to a field (x.f), which starts a backward analysis. Now the statements are examined in reverse order and we learn that z.g.f, a.g.f and b.f are aliases of x.f. The sink method takes b.f as input parameter, so there is a source-to-sink connection.
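An added sketch, not FlowDroid code and not the page's own figure: a toy forward taint pass over a constructed straight-line program that uses the same variables as the walkthrough above, in which the tainted write to x.f starts a backward alias search. The tuple-based IR, the callee inlined as `z = a`, and all function names are assumptions made for this example.

```python
# Toy straight-line IR, constructed for this example. An access path is a
# tuple: ("x", "f") is x.f. The callee is inlined as the binding z = a.
PROGRAM = [
    ("new",    ("a",)),                # a = new A()
    ("assign", ("b",), ("a", "g")),    # b = a.g
    ("assign", ("z",), ("a",)),        # call: parameter z = a
    ("assign", ("x",), ("z", "g")),    # x = z.g
    ("source", ("w",)),                # w = source()
    ("assign", ("x", "f"), ("w",)),    # x.f = w   (tainted heap write)
    ("sink",   ("b", "f")),            # sink(b.f)
]

def rebase(path, old, new):
    """Rewrite old.rest to new.rest; rest must hold at least one field."""
    if len(path) > len(old) and path[:len(old)] == old:
        return new + path[len(old):]
    return None

def aliases_before(program, idx, path):
    """Walk the statements before idx in reverse and collect aliases of path.
    Repeats to a fixpoint and ignores kills, so it over-approximates."""
    found, changed = [path], True
    while changed:
        changed = False
        for op, lhs, *rhs in reversed(program[:idx]):
            if op != "assign":
                continue
            for p in list(found):
                # lhs = rhs makes lhs.rest and rhs.rest name the same location
                for q in (rebase(p, lhs, rhs[0]), rebase(p, rhs[0], lhs)):
                    if q and q not in found:
                        found.append(q)
                        changed = True
    return found

def find_leaks(program):
    """Forward taint pass; a tainted field write triggers the alias search."""
    tainted, leaks = set(), []
    for i, (op, lhs, *rhs) in enumerate(program):
        if op == "source":
            tainted.add(lhs)
        elif op == "assign":
            r = rhs[0]                 # copy taints rooted at the right-hand side
            new = {lhs + t[len(r):] for t in tainted if t[:len(r)] == r}
            if len(lhs) > 1:           # heap write: look for aliases
                for t in list(new):
                    new.update(aliases_before(program, i, t))
            tainted |= new
        elif op == "sink" and any(lhs[:len(t)] == t for t in tainted):
            leaks.append((i, lhs))
    return leaks
```

The first backward pass discovers the aliases in the order the walkthrough gives them; the fixpoint loop and the missing kill rules make this coarser than a flow-sensitive alias search.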

Furthermore, FlowDroid needs a complete modeling of Android’s lifecycles and callbacks. Because sources and sinks for Android are provided by SuSi, we only have to look for entry points. Along with the necessary meta information, they are extracted from Android’s manifest file, dex files and layout XML files. The latter allow us to consider user interaction callbacks defined in XML (for example button clicks) and discover additional sources in terms of password fields. Because user interaction cannot be predicted statically, FlowDroid generates a special main method which considers all possible combinations to make sure no taint is lost.

FlowDroid achieves 93% recall and 86% precision on DroidBench, our own Android benchmark suite. Despite its high precision, FlowDroid is still capable of analyzing real-world applications and also performs well on SecuriBench Micro, a test suite originally designed for web applications.

Are there any publications on FlowDroid?

FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps (Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau and Patrick McDaniel). To appear at PLDI’14.

Highly Precise Taint Analysis for Android Applications (Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau and Patrick McDaniel), EC SPRIDE Technical Report TUD-CS-2013-0113, May 2013.

FlowDroid: A Precise and Scalable Data Flow Analysis for Android (Christian Fritz), Master thesis, TU Darmstadt, July 2013.

Where can I find the source-code of FlowDroid?

The source code consists of two projects on GitHub, along with its dependencies:

See the Wiki page on GitHub for information on how to build and run FlowDroid. There, you can also find links to nightly builds of all required JAR files, which is the most convenient way to try out FlowDroid. If you have any questions, please contact Steven Arzt or Siegfried Rasthofer.

Which source/sinks lists can I use to configure FlowDroid?

The most comprehensive lists are the ones computed by our SuSi tool. They are available for download here.