Value-utilized taint propagation: toward precise detection of apps’ information flows across Android API calls

International Journal of Information Security (2022)

Abstract
Android security researchers utilize taint analysis to uncover apps’ bugs and policy-violating behaviors. However, the investigations are unsafe because current taint trackers can be circumvented by apps that cause information flows across API calls. A context-tainting tracker (CTT) was devised to tackle the problem, but since the technique relies on a hand-picked list of flow-causing API methods, it will miss information flows when unlisted methods are exploited. It can also produce a large number of false positives and cannot be practically used. This paper presents a new taint-tracking technique that performs value logging and matching based on the flows’ characteristics, tracking these flows while reducing the dependency on the list of API methods. We implemented our approach in our taint tracker, called VTDroid. We confirmed its effectiveness with our test suite consisting of 31 anti-taint analysis techniques, comparing it to three current tools: CTT, TaintDroid, and FlowDroid. We also evaluated VTDroid and the current tools with popular apps collected from two major app stores. The results show that VTDroid outperforms CTT in precision and TaintDroid and FlowDroid in recall for privacy leak detection. Also, security analysts can utilize VTDroid to detect user input validations with slightly more false positives and fewer false negatives than FlowDroid in VTDroid’s code coverage.
Keywords
Taint analysis, Anti-taint analysis, Side channel, Information flow, Android