Xiang Pan, Google Inc./Northwestern University; Yinzhi Cao, The Johns Hopkins University/Lehigh University; Xuechao Du and Boyuan He, Zhejiang University; Gan Fang, Palo Alto Networks; Yan Chen, Zhejiang University/Northwestern University
Android apps having access to private information may be legitimate, depending on whether the app provides users enough semantics to justify the access. Existing works analyzing app semantics are coarse-grained, staying on the app-level. That is, they can only identify whether an app, as a whole, should request a certain permission, but cannot answer whether a specific app behavior under certain runtime context, such as an information flow, is correctly justified.
To address this issue, we propose FlowCog, an automated, flow-level system to extract flow-specific semantics and correlate such semantics with given information flows. Particularly, FlowCog statically finds all the Android views that are related to the given flow via control or data dependencies, and then extracts semantics, such as texts and images, from these views and associated layouts. Next, FlowCog adopts a natural language processing (NLP) approach to infer whether the extracted semantics are correlated with the given flow. FlowCog is open-source and available at https://github.com/SocietyMaster/FlowCog. Our evaluation shows that FlowCog can achieve a precision of 90.1% and a recall of 93.1%.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Xiang Pan and Yinzhi Cao and Xuechao Du and Boyuan He and Gan Fang and Rui Shao and Yan Chen},
title = {{FlowCog}: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps},
booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
year = {2018},
isbn = {978-1-939133-04-5},
address = {Baltimore, MD},
pages = {1669--1685},
url = {https://www.usenix.org/conference/usenixsecurity18/presentation/pan},
publisher = {USENIX Association},
month = aug
}