Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada

In recent years, sensitive data leaks of Android system attracted significant attention. The traditional tools for detecting leaks usually focus on the precision and recall of the result with few of them addressing the importance of the efficiency. The high cost of these tools often make them fail in analyzing apps in large scale and thus block them from wide usage in practice. In this paper, we propose FastDroid, an efficient and precise tool for detecting sensitive data leaks in Android apps. First, a flow-insensitive taint analysis is conducted to construct the taint value graph (TVG) which is defined to describe the process of taint propagation. Then, potential taint flows (PTFs) are extracted from TVG. Finally, the PTFs are checked on the control flow graph (CFG) to acquire the real taint flows. FastDroid is evaluated on three test suites. The results show that FastDroid maintains a high precision and recall; meanwhile it improves the efficiency significantly.