A Model Guided Security Analysis Approach for Android Applications

Revealing security vulnerabilities is one of great challenges for the Android ecosystem. Static analysis is the usual approach of the security analysis for computer software. However, it is undirected and time-consuming for the common static analysis methods to analyze the entire Android application systematically from the main entry point. In order to adapt to the event-driven feature of Android applications, a model guided security analysis approach for Android applications is introduced and implemented into the prototype tool MSAS. This approach builds and utilizes the Operation Security Model to guide the targeted analysis process, and then concentrate on the identified analysis surface to reduce analysis workload, thereby achieving fast analysis speed and on-demand code coverage based on the security rules. The test result shows that this approach can improve the efficiency and effect of security analysis for Android applications, and it has revealed 11 security vulnerabilities by analyzing several popular Android applications.