Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation

by   Richard Bonett, et al.

Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance, and are hence soundy. Unfortunately, the specific unsound choices or flaws in the design of these tools are often not known or well-documented, leading to a misplaced confidence among researchers, developers, and users. This paper proposes the Mutation-based soundness evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix, flaws, by leveraging the well-founded practice of mutation analysis. We implement μSE as a semi-automated framework, and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps. As the result of an in-depth analysis of one of the major tools, we discover 13 undocumented flaws. More importantly, we discover that all 13 flaws propagate to tools that inherit the flawed tool. We successfully fix one of the flaws in cooperation with the tool developers. Our results motivate the urgent need for systematic discovery and documentation of unsound choices in soundy tools, and demonstrate the opportunities in leveraging mutation testing in achieving this goal.


page 1

page 2

page 3

page 4


Systematic Mutation-based Evaluation of the Soundness of Security-focused Android Static Analysis Techniques

Mobile application security has been a major area of focus for security ...

μSE: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android

This demo paper presents the technical details and usage scenarios of μS...

Are Free Android App Security Analysis Tools Effective in Detecting Known Vulnerabilities?

Increasing interest to secure Android ecosystem has spawned numerous eff...

Enabling Mutation Testing for Android Apps

Mutation testing has been widely used to assess the fault-detection effe...

A Systematic Study of Android Non-SDK (Hidden) Service API Security

Android allows apps to communicate with its system services via system s...

DexLego: Reassembleable Bytecode Extraction for Aiding Static Analysis

The scale of Android applications in the market is growing rapidly. To e...

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques

The correct use of cryptography is central to ensuring data security in ...

Please sign up or login with your details

Forgot password? Click here to reset