DroidTest: Testing Android Applications for Leakage of Private Information

Smartphones have become a basic necessity in recent years, and a large portion of users are using them for storing private data such as personal contacts and performing sensitive operations such as financial transactions. As a result, there is a high incentive for attackers to compromise these devices. Researchers have also found that there are indeed many malicious applications on official or unofficial Android markets, and a large fraction of them steal private user data once they are installed on smartphones. In this paper, we propose a novel method to test Android applications for the leakage of private data. Our method reuses existing test cases, produced either manually or automatically, and converts each of them into a set of new correlated test cases. The property of these correlated test cases is such thatthey will trigger the same result in our system if there is no leakage of private data. As a result, the leakage of information can be detected if we observe different outputs from executions under correlated inputs. We have evaluated our system on an Android malware dataset and the top 50 free applications on official Android market. The result shows that our tool can effectively and efficiently detect leakage of private data.