Ripple: Reflection analysis for Android apps in incomplete information environments. (19th April 2018)
- Record Type:
- Journal Article
- Title:
- Ripple: Reflection analysis for Android apps in incomplete information environments. (19th April 2018)
- Main Title:
- Ripple: Reflection analysis for Android apps in incomplete information environments
- Authors:
- Zhang, Yifei
Li, Yue
Tan, Tian
Xue, Jingling
- Abstract:
- Summary: Reflection poses grave problems for static security analysis, despite its widespread use in Android apps. In general, string inference has been mainly used to handle reflection, resulting in significantly missed security vulnerabilities. In this work, we bring forward the ubiquity of incomplete information environments (IIEs) for Android apps, where some critical dataflows are missing during static analysis, and the need for resolving reflective calls under IIEs. We present Ripple, the first IIE‐aware static reflection analysis for Android apps that resolves reflective calls more soundly than string inference. Validation with 17 popular Android apps from Google Play demonstrates the effectiveness of Ripple in discovering reflective targets with a low false positive rate (due to its trade‐off made among soundness, precision, and scalability). As a result, Ripple enables FlowDroid, a taint analysis for Android apps, to find hundreds of sensitive data leakages that would otherwise be missed. As a fundamental analysis, Ripple will be valuable for many security analysis clients, since more program behaviors can now be analyzed under IIEs.
- Is Part Of:
- Software, practice & experience. Volume 48:Number 8(2018)
- Journal:
- Software, practice & experience
- Issue:
- Volume 48:Number 8(2018)
- Issue Display:
- Volume 48, Issue 8 (2018)
- Year:
- 2018
- Volume:
- 48
- Issue:
- 8
- Issue Sort Value:
- 2018-0048-0008-0000
- Page Start:
- 1419
- Page End:
- 1437
- Publication Date:
- 2018-04-19
- Subjects:
- Android -- pointer analysis -- reflection analysis
Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/spe.2577
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 6999.xml