MIP-1504

Paper Description: MIP-1504
BibTeX entry:
@incollection{MIP-1504,
author={A. von Rhein, T. Berger, N. Schalck Johansson, M. M. Hardo, S. Apel},
title={{Lifting Inter-App Data-Flow Analysis to Large App Sets}},
institution={{Fakult{\¨a}t f{\¨u}r Informatik und Mathematik, Universit{\¨a}t Passau}},
year={2015},
number={MIP-1504}
}

Abstract:
Mobile apps process increasing amounts of private data, giving rise to privacy concerns. Such concerns do not only arise from single apps, which might— accidentally or intentionally — leak private information to untrusted parties, but also from multiple apps communicating with each other. Certain combinations of apps can create critical data flows not detectable by analyzing single apps individually. While sophisticated
tools exist to analyze data flows inside and across apps, none of these scale to large numbers of apps, given the combinatorial explosion of possible (inter-app) data flows. We present a scalable approach to analyze data flows across Android apps. At the heart of our approach is a graph-based data structurethat represents inter-app flows Following ideas from productline analysis, the structure exploits redundancies among flows
and thereby prevents the combinatorial explosion. Insteadof focusing on specific installations of app sets on mobile devices, we lift traditional data-flow analysis approaches toanalyze and represent data flows of all possible combinations of apps. We developed the tool Sifta and applied itto several existing app benchmarks and real-word app sets, demonstrating its scalability while maintaining reasonableaccuracy.

Paper itself:

• MIP-1504