StubDroid: Automatic Inference of Precise Data-Flow Summaries for the Android Framework

Abstract

Smartphone users suffer from insucient information on how commercial as well as malicious apps handle sensitive data stored on their phones. Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library. In most cases, the existence of those models is taken for granted, despite the fact that the models are hard to come by: Given the size and evolution speed of a modern smartphone operating system it is prohibitively expensive to derive models manually from code or documentation. In this work, we therefore present StubDroid, the first fully automated approach for inferring precise and efficient library models for taint-analysis problems. StubDroid automatically constructs these summaries from a binary distribution of the library. In our experiments, we use StubDroid-inferred models to prevent the static taint analysis FlowDroid from having to re-analyze the Android runtime library over and over again for each analyzed app. As the results show, the models make it possible to analyze apps in seconds whereas most complete re-analyses would time out after 30 minutes. Yet, StubDroid yields comparable precision. In comparison to manually crafted summaries, StubDroid's cause the analysis to be more precise and to use less time and memory.