SCanDroid: Automated Security Certification of Android
Date
2009-11-20
Authors
Fuchs, Adam P.
Chaudhuri, Avik
Foster, Jeffrey S.
Abstract
Android is a popular mobile-device platform developed by Google.
Android’s application model is designed to encourage applications to
share their code and data with other applications. While such sharing
can be tightly controlled with permissions, in general users cannot
determine what applications will do with their data, and thereby cannot
decide what permissions such applications should run with. In this paper
we present SCanDroid, a tool for reasoning automatically about the
security of Android applications. SCanDroid’s analysis is modular to
allow incremental checking of applications as they are installed on an
Android device. It extracts security specifications from manifests that
accompany such applications, and checks whether data flows through those
applications are consistent with those specifications. To our knowledge,
SCanDroid is the first program analysis tool for Android, and we expect
it to be useful for automated security certification of Android
applications.