{"id":17,"date":"2013-05-10T16:11:37","date_gmt":"2013-05-10T14:11:37","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=17"},"modified":"2013-05-10T16:11:37","modified_gmt":"2013-05-10T14:11:37","slug":"announcing-flowdroid","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2013\/05\/10\/announcing-flowdroid\/","title":{"rendered":"FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps"},"content":{"rendered":"<p><a href=\"http:\/\/blogs.uni-paderborn.de\/sse\/files\/2013\/05\/android-ss-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-15 alignright\" alt=\"android-ss-1\" src=\"http:\/\/blogs.uni-paderborn.de\/sse\/files\/2013\/05\/android-ss-1-300x300.png\" width=\"210\" height=\"210\" srcset=\"https:\/\/blogs.uni-paderborn.de\/sse\/files\/2013\/05\/android-ss-1-300x300.png 300w, https:\/\/blogs.uni-paderborn.de\/sse\/files\/2013\/05\/android-ss-1-150x150.png 150w, https:\/\/blogs.uni-paderborn.de\/sse\/files\/2013\/05\/android-ss-1-768x768.png 768w, https:\/\/blogs.uni-paderborn.de\/sse\/files\/2013\/05\/android-ss-1.png 1000w\" sizes=\"auto, (max-width: 210px) 100vw, 210px\" \/><\/a>In our new technical report <a href=\"https:\/\/www.informatik.tu-darmstadt.de\/fileadmin\/user_upload\/Group_CASED\/Publikationen\/TUD-CS-2013-0113.pdf\">Highly Precise Taint Analysis for Android Applications<\/a>\u00a0we present our new tool <strong>FlowDroid<\/strong>\u00a0which implements a<strong><em> context-, flow-, field-, object-sensitive and lifecycle-aware<\/em><\/strong> static taint analysis tool for Android applications.<\/p>\n<p>Furthermore, we also created an Android benchmark suite, <a title=\"DroidBench\" href=\"http:\/\/sseblog.ec-spride.de\/android\/droidbench\/\">DroidBench<\/a>, as a testing ground for\u00a0static and dynamic security tools.<\/p>\n<p>This is joint 
work with Alexandre Bartel, Jacques Klein and Yves le Traon from the University of Luxembourg and with Damien Octeau and Patrick McDaniel from Penn State University.<\/p>\n<p><!--more-->Abstract:<\/p>\n<div>\n<p><em>Today\u2019s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analyses fail to discover such malicious activity because apps have learned to recognize the analyses as they execute.<\/em><\/p>\n<p><em>In this work we present FlowDroid, a novel and highly precise taint analysis for Android applications. A precise model of Android\u2019s lifecycle allows the analysis to properly handle callbacks, while context, flow, field and object-sensitivity allows the analysis to track taints with a degree of precision unheard of from previous Android analyses.<\/em><\/p>\n<p><em>We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. 
On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA.\u00a0<\/em><\/p>\n<p><strong>Where can I find more information?<\/strong><\/p>\n<p>More information is available\u00a0<a href=\"http:\/\/sse-blog.ec-spride.de\/android\/flowdroid\/\">here<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In our new technical report Highly Precise Taint Analysis for Android Applications\u00a0we present our new tool FlowDroid\u00a0which implements a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Furthermore, we also created an Android benchmark suite, &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2013\/05\/10\/announcing-flowdroid\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,41,71],"tags":[91,151],"class_list":["post-17","post","type-post","status-publish","format-standard","hentry","category-android","category-research-paper","category-static-analysis","tag-android-security","tag-static-analysis"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/17","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=17"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/17\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn
.de\/sse\/wp-json\/wp\/v2\/media?parent=17"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=17"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=17"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}