Sciweavers

OOPSLA
2015
Springer

Interactively verifying absence of explicit information flows in Android apps

8 years 8 months ago
Interactively verifying absence of explicit information flows in Android apps
App stores are increasingly the preferred mechanism for distributing software, including mobile apps (Google Play), desktop apps (Mac App Store and Ubuntu Software Center), computer games (the Steam Store), and browser extensions (Chrome Web Store). The centralized nature of these stores has important implications for security. While app stores have unprecedented ability to audit apps, users now trust hosted apps, making them more vulnerable to malware that evades detection and finds its way onto the app store. Sound static explicit information flow analysis has the potential to significantly aid human auditors, but it is handicapped by high false positive rates. Instead, auditors currently rely on a combination of dynamic analysis (which is unsound) and lightweight static analysis (which cannot identify information flows) to help detect malicious behaviors. We propose a process for producing apps certified to be free of malicious explicit information flows. In practice, impreci...
Osbert Bastani, Saswat Anand, Alex Aiken
Added 16 Apr 2016
Updated 16 Apr 2016
Type Journal
Year 2015
Where OOPSLA
Authors Osbert Bastani, Saswat Anand, Alex Aiken
Comments (0)