English

$\mu$Dep: Mutation-based Dependency Generation for Precise Taint Analysis on Android Native Code

Cryptography and Security 2022-03-01 v2

Abstract

The existence of native code in Android apps plays an important role in triggering inconspicuous propagation of secrets and circumventing malware detection. However, the state-of-the-art information-flow analysis tools for Android apps all have limited capabilities of analyzing native code. Due to the complexity of binary-level static analysis, most static analyzers choose to build conservative models for a selected portion of native code. Though the recent inter-language analysis improves the capability of tracking information flow in native code, it is still far from attaining similar effectiveness of the state-of-the-art information-flow analyzers that focus on non-native Java methods. To overcome the above constraints, we propose a new analysis framework, μ\muDep, to detect sensitive information flows of the Android apps containing native code. In this framework, we combine a control-flow based static binary analysis with a mutation-based dynamic analysis to model the tainting behaviors of native code in the apps. Based on the result of the analyses, μ\muDep conducts a stub generation for the related native functions to facilitate the state-of-the-art analyzer DroidSafe with fine-grained tainting behavior summaries of native code. The experimental results show that our framework is competitive on the accuracy, and effective in analyzing the information flows in real-world apps and malware compared with the state-of-the-art inter-language static analysis.

Keywords

Cite

@article{arxiv.2112.06702,
  title  = {$\mu$Dep: Mutation-based Dependency Generation for Precise Taint Analysis on Android Native Code},
  author = {Cong Sun and Yuwan Ma and Dongrui Zeng and Gang Tan and Siqi Ma and Yafei Wu},
  journal= {arXiv preprint arXiv:2112.06702},
  year   = {2022}
}
R2 v1 2026-06-24T08:15:06.074Z