Download

File

2022-Shi-LibDroidSummarizing.pdf (1.12 MB)

Date

2022-07

Authors

Shi, Chen

Cheng, Chris Chao-Chun

Guan, Yong

Major Professor

Advisor

Committee Member

Journal Title

Journal ISSN

Volume Title

Publisher

© 2022 The Authors

Abstract

With advancements in technology, people are taking advantage of mobile devices to access e-mails, search the web, and video chat. Therefore, extracting evidence from mobile phones is an important component of the investigation process. As Android app developers could leverage existing native libraries to implement a part of the program, evidentiary data are generated and stored by these native libraries. However, current state-of-art Android static analysis tools, such as FlowDroid (Arzt et al., 2014), Evihunter (Cheng et al., 2018), DroidSafe (Gordon et al., 2015) and CHEX (Lu et al., 2012) adopt the conservative approach for data-flow analysis on native method invocation. None of those tools have the capability to capture the data-flow within native libraries. In this work, we propose a new approach to conduct native data-flow analysis for security vetting of Android native libraries and build an analysis framework, called LibDroid to compute data-flow and summarize taint propagation for Android native libraries. The common question app users and developers often face is whether certain native libraries contain hidden functions or utilize user private information. LibDroid aims to answer this question. Therefore, we build a precise and efficient data-flow analysis with the support of SummarizeNativeMethod algorithm, and pre-compute an Android Native Libraries Database (ANLD) for 13,138 native libraries collected from 2,627 real-world Android applications. The ANLD includes the taint propagation summary of each native method and potential evidentiary data generated or stored within the native library. We evaluate LibDroid on 52 open-source native libraries and 2,627 real-world apps. Our results show that LibDroid can precisely summarize the information flow within the native libraries.

Series Number

Journal Issue

Is Version Of

Versions

Series

Academic or Administrative Unit

Center for Statistics and Applications in Forensic Evidence

Department of Electrical and Computer Engineering

Type

Presentation

Comments

This proceeding is published as Shi, Chen, Chris Chao-Chun Cheng, and Yong Guan. "LibDroid: Summarizing information flow of android native libraries via static analysis." Forensic Science International: Digital Investigation 42 (2022): 301405. doi:10.1016/j.fsidi.2022.301405. Proceedings of the Twenty-Second Annual DFRWS USA. Posted with permission of CSAFE.

This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Rights Statement

Copyright

Funding

Subject Categories

Forensic Science and Technology

Keywords

Android Native Library, Mobile App Forensics, Taint Analysis

DOI

Permanent Link

https://dr.lib.iastate.edu/handle/20.500.12876/gwW7DVNw

Supplemental Resources

Source

https://doi.org/10.1016/j.fsidi.2022.301405

Collections

Conference Proceedings and Presentations