Research Article
Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling and Callbacks
@ARTICLE{10.4108/eai.7-12-2017.153394, author={Yongfeng Li and Jinbing Ouyang and Bing Mao and Kai Ma and Shanqing Guo}, title={Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling and Callbacks}, journal={EAI Endorsed Transactions on Security and Safety}, volume={4}, number={11}, publisher={EAI}, journal_a={SESA}, year={2017}, month={12}, keywords={Data Flow, Fragment, Android, Program Analysis}, doi={10.4108/eai.7-12-2017.153394} }
- Yongfeng Li
Jinbing Ouyang
Bing Mao
Kai Ma
Shanqing Guo
Year: 2017
Data Flow Analysis on Android Platform with Fragment Lifecycle Modeling and Callbacks
SESA
EAI
DOI: 10.4108/eai.7-12-2017.153394
Abstract
Smartphones carry a large quantity of sensitive information to satisfy people’s various requirements, but the way of using information is important to keep the security of users’ privacy. There are two kinds of misuses of sensitive information for apps. On the one hand, careless programmers may leak the data by accident. On the other hand, the attackers develop malware to collect sensitive data intentionally. Many researchers apply data flow analysis to detect data leakages of an app. However, data flow analysis on Android platform is quite different from the programs on desktop. Many researchers have solved some problems of data flow analysis on Android platform, like Activity lifecycle, callback methods, inter-component communication. We find that Fragment’s lifecycle also has an effect on the data flow analysis of Android apps. Some data will be leaked if we don’t take Fragment’s lifecycle into consideration when performing data flow analysis in Android apps. So in this paper, we propose an approach to model Fragment’s lifecycle and its relationship with Activity’s lifecycle, then introduce a tool called FragDroid based on FlowDroid [7]. We conduct some experiments to evaluate the effectiveness of our tool and the results show that there are 8% of apps in our data set using Fragment. In particular, for popular apps, the result is 50.8%. We also evaluate the performance of using FragDroid to analyze Android apps, the result shows the average overhead is 17%.
Copyright © 2017 Yongfeng Li et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.