Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling and Callbacks

DOI:

https://doi.org/10.4108/eai.7-12-2017.153394

Keywords:

Data Flow, Fragment, Android, Program Analysis

Abstract

Smartphones carry a large quantity of sensitive information to satisfy people’s various requirements, and how apps use that information determines whether users’ privacy stays protected. Apps misuse sensitive information in two ways. On the one hand, careless programmers may leak the data by accident. On the other hand, attackers develop malware to collect sensitive data intentionally. Many researchers apply data flow analysis to detect data leakage in an app. However, data flow analysis on the Android platform is quite different from data flow analysis of desktop programs. Researchers have already solved some of the problems of data flow analysis on the Android platform, such as the Activity lifecycle, callback methods, and inter-component communication. We find that the Fragment lifecycle also affects the data flow analysis of Android apps. Some data leaks will be missed if the Fragment lifecycle is not taken into consideration when performing data flow analysis on Android apps. In this paper, we therefore propose an approach to model the Fragment lifecycle and its relationship with the Activity lifecycle, and then introduce a tool called FragDroid, based on FlowDroid [7]. We conduct experiments to evaluate the effectiveness of our tool, and the results show that 8% of the apps in our data set use Fragment. In particular, for popular apps, the result is 50.8%. We also evaluate the performance of using FragDroid to analyze Android apps; the result shows that the average overhead is 17%.

Published

07-12-2017

How to Cite

Li, Y., Ouyang, J., Mao, B., Ma, K., & Guo, S. (2017). Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling and Callbacks. EAI Endorsed Transactions on Security and Safety, 4(11), e2. https://doi.org/10.4108/eai.7-12-2017.153394
