Skip to content

LibDroid: Summarizing information flow of Android Native Libraries via Static Analysis

Conference/Workshop:
Proceedings of the 22nd Annual DFRWS USA
Published: 2022
Primary Author: Chen Shi
Secondary Authors: Chris Chao-Chun Cheng, Yong Guan
Research Area: Digital

With advancements in technology, people are taking advantage of mobile devices to access e-mails, search the web, and video chat. Therefore, extracting evidence from mobile phones is an important component of the investigation process. As Android app developers could leverage existing native libraries to implement a part of the program, evidentiary data are generated and stored by these native libraries. However, current state-of-art Android static analysis tools, such as FlowDroid (Arzt et al., 2014), Evihunter (Cheng et al., 2018), DroidSafe (Gordon et al., 2015) and CHEX (Lu et al., 2012) adopt the conservative approach for data-flow analysis on native method invocation. None of those tools have the capability to capture the data-flow within native libraries. In this work, we propose a new approach to conduct native data-flow analysis for security vetting of Android native libraries and build an analysis framework, called LibDroid to compute data-flow and summarize taint propagation for Android native libraries. The common question app users and developers often face is whether certain native libraries contain hidden functions or utilize user private information. LibDroid aims to answer this question. Therefore, we build a precise and efficient data-flow analysis with the support of SummarizeNativeMethod algorithm, and pre-compute an Android Native Libraries Database (ANLD) for 13,138 native libraries collected from 2,627 real-world Android applications. The ANLD includes the taint propagation summary of each native method and potential evidentiary data generated or stored within the native library. We evaluate LibDroid on 52 open-source native libraries and 2,627 real-world apps. Our results show that LibDroid can precisely summarize the information flow within the native libraries.

Related Resources

Evaluating Reference Sets for Score-Based Likelihood Ratios for Camera Device Identification

Evaluating Reference Sets for Score-Based Likelihood Ratios for Camera Device Identification

An investigator wants to know if an illicit image captured by an unknown camera was taken by a person of interest’s (POI’s) phone. Score-based likelihood ratios (SLRs) have been used…
Likelihood Ratios for Categorical Evidence with Applications to Digital Forensics

Likelihood Ratios for Categorical Evidence with Applications to Digital Forensics

In forensic investigations, the goal of evidence evaluation is often to address source-/identity-based questions in which the evidence consists of two sets of observations: one from an unknown source tied…
Automatic Detection of Android Steganography Apps via Symbolic Execution and Tree Matching

Automatic Detection of Android Steganography Apps via Symbolic Execution and Tree Matching

The recent focus of cyber security on automated detection of malware for Android apps has omitted the study of some apps used for “legitimate” purposes, such as steganography apps. Mobile…
Tutorial on Likelihood Ratios with Applications in Digital Forensics

Tutorial on Likelihood Ratios with Applications in Digital Forensics

This CSAFE webinar was held on September 15, 2022. Presenters: Rachel Longjohn PhD Student – Department of Statistics, University of California, Irvine Dr. Padhraic Smyth Chancellor’s Professor – Departments of…