Tool Selection and Configurations
Tool Selection
Besides using FlowDroid, Amandroid, and DroidSafe, we performed a systematic literature review to identify relevant papers published between January 2016 and December 2020. We identified 41 papers related to static taint analysis. The availability and applicability of each tool are listed in the following table. The tool we included (DroidRA) is highlighted in blue.
ID | Year | Title | Included/Excluded? | Reason |
---|---|---|---|---|
1 | 2020 | DroidRista: a highly precise static data flow analysis framework for android applications | Excluded | We contacted the authors for source code but there was no response. |
2 | 2020 | Borrowing your enemy's arrows: the case of code reuse in Android via direct inter-app code invocation | Excluded | This tool is designed for detecting IAC flows only. |
3 | 2020 | FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware | Excluded | We contacted the authors for source code but there was no response. |
4 | 2020 | Broadening Horizons of Multilingual Static Analysis: Semantic Summary Extraction from C Code for JNI Program Analysis | Excluded | This tool is designed for performing native code analysis. |
5 | 2020 | Compositional Taint Analysis of Native Codes for Security Vetting of Android Applications | Excluded | This tool is designed for performing native code analysis. |
6 | 2020 | Improving Taint Analysis of Android Applications Using Finite State Machines | Excluded | The authors explicitly informed us that the tool is not open-source. |
7 | 2020 | Inter-Language Static Analysis for Android Application Security | Excluded | This tool is designed for performing native code analysis. |
8 | 2019 | IIFA: modular inter-app intent information flow analysis of android applications | Excluded | The authors explicitly informed us that the tool is not open-source. |
9 | 2019 | Specifying callback control flow of mobile apps using Finite Automata | Excluded | We contacted the authors for source code but there was no response. |
10 | 2019 | Performance-boosting sparsification of the IFDS algorithm with applications to taint analysis | Excluded | The authors explicitly informed us that the tool is not open-source. |
11 | 2019 | FastDroid: efficient taint analysis for Android applications | Excluded | The authors explicitly informed us that the tool is not open-source. |
12 | 2019 | A scalable, flow-and-context-sensitive taint analysis of android applications | Excluded | The authors explicitly informed us that the tool is not open-source. |
13 | 2019 | PILDroid: A System for Detecting the Leakage of Privacy Information using the JNI | Excluded | This tool is designed for performing native code analysis. |
14 | 2019 | A Static Detection of Inter-Component Communication Vulnerability in Android Application | Excluded | The authors explicitly informed us that the tool is not open-source. |
15 | 2019 | APPLADroid: Automaton Based Inter-app Privacy Leak Analysis for Android | Excluded | This tool is designed for detecting IAC flows only. |
16 | 2018 | Jn-saf: Precise and efficient ndk/jni-aware inter-language static analysis framework for security vetting of android applications with native code | Excluded | This tool is designed for performing native code analysis. |
17 | 2018 | Ripple: Reflection analysis for Android apps in incomplete information environments | Excluded | This tool is built on top of a nightly build of FlowDroid between version 1.0 and 1.5 in 2016, which is no longer supported by the authors of FlowDroid. We contacted the authors of Ripple to ask whether they could provide an updated version based on a newer FlowDroid, but we did not receive a response. |
18 | 2018 | Identifying mobile inter-app communication risks | Excluded | This tool is designed for detecting IAC flows only. |
19 | 2018 | Lifting inter-app data-flow analysis to large app sets | Excluded | This tool is designed for detecting IAC flows only. |
20 | 2018 | SDLI: static detection of leaks across intents | Excluded | This tool is designed for detecting IAC flows only. |
21 | 2018 | Detecting privacy leaks in Android apps using inter-component information flow control analysis | Excluded | We contacted the authors for source code but there was no response. |
22 | 2018 | Practical precise taint-flow static analysis for android app sets | Excluded | This tool is designed for detecting IAC flows only. |
23 | 2018 | A Static Analysis Model for Implicit Information Leakage in Android Application | Excluded | This tool is designed for detecting implicit flows. |
24 | 2017 | Collusive data leak and more: Large-scale threat analysis of inter-app communications | Excluded | This tool is designed for detecting IAC flows only. |
25 | 2017 | Precisely and scalably vetting javascript bridge in android hybrid apps | Excluded | This tool is for detecting flows between Java and JavaScript. |
26 | 2017 | Detecting Inter-App Information Leakage Paths | Excluded | This tool is designed for detecting IAC flows only. |
27 | 2017 | Sneakleak: Detecting multipartite leakage paths in android apps | Excluded | This tool is designed for detecting IAC flows only. |
28 | 2017 | Sniffdroid: Detection of inter-app privacy leaks in android | Excluded | This tool is designed for detecting IAC flows only. |
29 | 2017 | SEALANT: A detection and visualization tool for inter-app security vulnerabilities in Android | Excluded | This tool is designed for detecting IAC flows only. |
30 | 2017 | Contextual approach for identifying malicious Inter-Component privacy leaks in Android apps | Excluded | We contacted the authors for source code but there was no response. |
31 | 2017 | Linkflow: Efficient large-scale inter-app privacy leakage detection | Excluded | This tool is designed for detecting IAC flows only. |
32 | 2017 | Improving Leakage Path Coverage in Android Apps | Excluded | This tool is designed for detecting IAC flows only. |
33 | 2017 | An Improved Android Collusion Attack Detection Method Based on Program Slicing | Excluded | This tool is designed for detecting IAC flows only. |
34 | 2016 | Droidra: Taming reflection to support whole-program analysis of android apps | Included | |
35 | 2016 | HybriDroid: static analysis framework for Android hybrid applications | Excluded | This tool is for detecting flows between Java and JavaScript. |
36 | 2016 | HornDroid: Practical and sound static analysis of Android applications by SMT solving | Excluded | This tool only reports sinks for each flow, and it requires extra engineering effort to match sources to sinks to form complete flows. |
37 | 2016 | Dexteroid: Detecting malicious behaviors in android apps using reverse-engineered life cycle models | Excluded | We contacted the authors for source code but there was no response. |
38 | 2016 | R-droid: Leveraging android app analysis with static slice optimization | Excluded | We contacted the authors for source code but there was no response. |
39 | 2016 | Android security analysis based on inter-application relationships | Excluded | This tool is designed for detecting IAC flows only. |
40 | 2016 | DAPA: degradation-aware privacy analysis of android apps | Excluded | As confirmed by the authors, this tool cannot handle Java and Android library methods unless users manually analyze and replace library methods in the source code of the apps with the format the tool understands. It is impractical to manually replace all methods in the large number of benchmark apps and complicated real apps. |
41 | 2016 | Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling | Excluded | We contacted the authors for source code but there was no response. |
Tool Configurations
We described how we chose the tool configurations for each tool in detail in Section 3.2 of our paper.
We also provided the list of sources and sinks for benchmarks and Google Play apps.