Systematic Mutation-based Evaluation of the Soundness of Security-focused Android Static Analysis Techniques

by   Amit Seal Ami, et al.

Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence soundy. Unfortunately, the specific unsound choices or flaws in the design of these tools is often not known or well-documented, leading to misplaced confidence among researchers, developers, and users. This paper describes the Mutation-based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded practice of mutation analysis. We implemented μSE and applied it to a set of prominent Android static analysis tools that detect private data leaks in apps. In a study conducted previously, we used μSE to discover 13 previously undocumented flaws in FlowDroid, one of the most prominent data leak detectors for Android apps. Moreover, we discovered that flaws also propagated to other tools that build upon the design or implementation of FlowDroid or its components. This paper substantially extends our μSE framework and offers an new in-depth analysis of two more major tools in our 2020 study, we find 12 new, undocumented flaws and demonstrate that all 25 flaws are found in more than one tool, regardless of any inheritance-relation among the tools. Our results motivate the need for systematic discovery and documentation of unsound choices in soundy tools and demonstrate the opportunities in leveraging mutation testing in achieving this goal.


Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation

Mobile application security has been one of the major areas of security ...

μSE: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android

This demo paper presents the technical details and usage scenarios of μS...

A Systematical Study on Application Performance Management Libraries for Apps

Being able to automatically detect the performance issues in apps can si...

Do Android Taint Analysis Tools Keep their Promises?

In recent years, researchers have developed a number of tools to conduct...

Mobile-App Analysis and Instrumentation Techniques Reimagined with DECREE

A large number of mobile-app analysis and instrumentation techniques hav...

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques

The correct use of cryptography is central to ensuring data security in ...

Please sign up or login with your details

Forgot password? Click here to reset