Static detection of dangerous behaviors in android apps

Abstract

This paper presents a scheme to detect dangerous behaviors in Android apps. In order to identify different kinds of dangerous behaviors, we designed two analysis engines. On the one hand, taint analysis engine mainly detects privacy leak by tracking how user's sensitive data is used by an app; On the other hand, constant analysis engine focuses on the constant information in an app to identify other dangerous behaviors such as SP services ordering, phone bill consuming, and so on. We have implemented these two engines in a system called Apk Risk Analyzer which identifies the dangerous behaviors by simulating the running process of an Android app statically. Furthermore, we analyzed 1260 malicious apps and found out dangerous behaviors in 1246 (98.9%) apps. Then we downloaded 630 normal apps from Google Play and identified dangerous behaviors in 575(91.3%) apps. These results demonstrate the effectiveness of Apk Risk Analyzer. © Springer International Publishing Switzerland 2013.