SCanDroid: Automated Security Certification of Android

Loading...
Thumbnail Image

Files

CS-TR-4991.pdf (392.5 KB)
No. of downloads: 1644

Publication or External Link

Date

2009-11-20

Advisor

Citation

DRUM DOI

Abstract

Android is a popular mobile-device platform developed by Google. Android’s application model is designed to encourage applications to share their code and data with other applications. While such sharing can be tightly controlled with permissions, in general users cannot determine what applications will do with their data, and thereby cannot decide what permissions such applications should run with. In this paper we present SCANDROID, a tool for reasoning automatically about the security of Android applications. SCanDroid’s analysis is modular to allow incremental checking of applications as they are installed on an Android device. It extracts security specifications from manifests that accompany such applications, and checks whether data flows through those applications are consistent with those specifications. To our knowledge, SCanDroid is the first program analysis tool for Android, and we expect it to be useful for automated security certification of Android applications.

Notes

Rights