{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T04:29:54Z","timestamp":1741753794266,"version":"3.38.0"},"reference-count":42,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2023,11,28]],"date-time":"2023-11-28T00:00:00Z","timestamp":1701129600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2024,6,17]]},"abstract":"<jats:p> This paper presents the design and implementation of a systematic Inter-Component Communications (ICCs) dynamic Analysis Technique (SIAT) for detecting privacy-sensitive data leak threats. SIAT\u2019s specific approach involves the identification of malicious ICC patterns by actively tracing both data flows and implicit control flows within ICC processes during runtime. This is achieved by utilizing the taint tagging methodology, a technique utilized by TaintDroid. As a result, it can discover the malicious intent usage pattern and further resolve the coincidental malicious ICCs and bypass cases without incurring performance degradation. SIAT comprises two key modules: Monitor and Analyzer. The Monitor makes the first attempt to revise the taint tag approach named TaintDroid by developing the built-in intent service primitives to help Android capture the intent-related taint propagation at multi-level for malicious ICC detection. Specifically, we enable the Monitor to perform systemwide tracking of intent with five abstraction functionalities embedded in the interactive workflow of components. By analyzing the taint logs offered by the Monitor, the Analyzer can build the accurate and integrated ICC patterns adopted to identify the specific leak threat patterns with the identification algorithms and predefined rules. Meanwhile, we employ the patterns\u2019 deflation technique to improve the efficiency of the Analyzer. We implement the SIAT with Android Open Source Project and evaluate its performance through extensive experiments on a particular dataset consisting of well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, the SIAT can achieve about 25% \u223c200% accuracy improvements with 1.0 precision and 0.98 recall at negligible runtime overhead. Apart from that, the SIAT can identify two undisclosed cases of bypassing that prior technologies cannot detect and quite a few malicious ICC threats in real-world apps with lots of downloads on the Google Play market. <\/jats:p>","DOI":"10.3233\/jcs-220044","type":"journal-article","created":{"date-parts":[[2023,11,28]],"date-time":"2023-11-28T16:46:14Z","timestamp":1701189974000},"page":"291-317","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":0,"title":["SIAT: A systematic inter-component communication real-time analysis technique for detecting data leak\u00a0threats\u00a0on Android"],"prefix":"10.1177","volume":"32","author":[{"given":"Yupeng","family":"Hu","sequence":"first","affiliation":[{"name":"The Department of Computer Science and Electronic Engineering, Hunan University, Changsha, Hunan, China"}]},{"given":"Wenxin","family":"Kuang","sequence":"additional","affiliation":[{"name":"The Department of Computer Science and Electronic Engineering, Hunan University, Changsha, Hunan, China"}]},{"given":"Jin","family":"Zhe","sequence":"additional","affiliation":[{"name":"China Tobacco Hunan Industrial Co., Ltd., Changsha, Hunan, China"}]},{"given":"Wenjia","family":"Li","sequence":"additional","affiliation":[{"name":"The Department of Computer Science, New York Institute of Technology, New York, USA"}]},{"given":"Keqin","family":"Li","sequence":"additional","affiliation":[{"name":"The Department of computer science, State University of New York, New York, USA"}]},{"given":"Jiliang","family":"Zhang","sequence":"additional","affiliation":[{"name":"The Department of Computer Science and Electronic Engineering, Hunan University, Changsha, Hunan, China"}]},{"given":"Qiao","family":"Hu","sequence":"additional","affiliation":[{"name":"The Department of Computer Science and Electronic Engineering, Hunan University, Changsha, Hunan, China"}]}],"member":"179","published-online":{"date-parts":[[2023,11,28]]},"reference":[{"key":"ref001","unstructured":"S.\u00a0Arzt, Droidbench-iccta, https:\/\/github.com\/secure-software-engineering\/DroidBench\/tree\/iccta."},{"key":"ref002","unstructured":"S.\u00a0Arzt, Droidbench3.0, https:\/\/github.com\/secure-software-engineering\/DroidBench."},{"key":"ref003","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2015.2419611"},{"key":"ref004","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.69"},{"key":"ref005","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.07.002"},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"A.\u00a0Bosu, F.\u00a0Liu, D.D.\u00a0Yao and G.\u00a0Wang, Collusive data leak and more: Large-scale threat analysis of inter-app communications, in: Proceedings of the 2017 ACM on AsiaCCS, ACM, 2017, pp.\u00a071\u201385.","DOI":"10.1145\/3052973.3053004"},{"key":"ref007","unstructured":"S.\u00a0Bugiel, L.\u00a0Davi, A.\u00a0Dmitrienko, T.\u00a0Fischer and A.R.\u00a0Sadeghi, Xmandroid: A new android evolution to mitigate privilege escalation attacks, Technische Universit\u00e4t Darmstadt, Technical Report TR-2011-04, 2011."},{"key":"ref008","unstructured":"S.\u00a0Bugiel, S.\u00a0Heuser and A.R.\u00a0Sadeghi, Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies, in: Presented as Part of the 22nd USENIX Security Symposium, 2013, pp.\u00a0131\u2013146."},{"key":"ref009","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2879302"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"A.\u00a0Continella, Y.\u00a0Fratantonio, M.\u00a0Lindorfer, A.\u00a0Puccetti, A.\u00a0Zand, C.\u00a0Kruegel and G.\u00a0Vigna, Obfuscation-resilient privacy leak detection for mobile apps through differential analysis, in: NDSS, 2017.","DOI":"10.14722\/ndss.2017.23465"},{"key":"ref011","unstructured":"L.P.\u00a0Cox, P.\u00a0Gilbert, G.\u00a0Lawler, V.\u00a0Pistol, A.\u00a0Razeen, B.\u00a0Wu and S.C.\u00a0Spandex, Secure password tracking for Android, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), 2014, pp.\u00a0481\u2013494."},{"key":"ref012","doi-asserted-by":"publisher","DOI":"10.1145\/3428363.3428376"},{"key":"ref013","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2889495"},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.26"},{"key":"ref016","unstructured":"Google play market, http:\/\/paly.google.com\/store\/apps\/."},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"M.I.\u00a0Gordon, D.\u00a0Kim, J.H.\u00a0Perkins, L.\u00a0Gilham, N.\u00a0Nguyen and M.C.\u00a0Rinard, Information Flow Analysis of Android Applications in Droidsafe, 2015.","DOI":"10.14722\/ndss.2015.23089"},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.1109\/SERE-C.2014.33"},{"key":"ref019","doi-asserted-by":"crossref","unstructured":"S.\u00a0Gro\u00df, A.\u00a0Tiwari and C.H.\u00a0Pianalyzer, A precise approach for pendingintent vulnerability analysis, in: European Symposium on Research in Computer Security, Springer, 2018, pp.\u00a041\u201359.","DOI":"10.1007\/978-3-319-98989-1_3"},{"key":"ref020","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771800"},{"key":"ref021","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046780"},{"key":"ref022","doi-asserted-by":"crossref","unstructured":"R.\u00a0Johnson, M.\u00a0Elsabagh, A.\u00a0Stavrou and J.\u00a0Offutt, Dazed droids: A longitudinal study of Android inter-app vulnerabilities, in: Proceedings of the 2018 on AsiaCCS, ACM, 2018, pp.\u00a0777\u2013791.","DOI":"10.1145\/3196494.3196549"},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"Y.K.\u00a0Lee, J.Y.\u00a0Bang, G.\u00a0Safi, A.\u00a0Shahbazian, Y.\u00a0Zhao and N.\u00a0Medvidovic, A sealant for inter-app security holes in Android, in: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE), IEEE, 2017, pp.\u00a0312\u2013323.","DOI":"10.1109\/ICSE.2017.36"},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"L.\u00a0Li, A.\u00a0Bartel, T.F.\u00a0Bissyand\u00e9, J.\u00a0Klein and Y.\u00a0Le Traon, Apkcombiner: Combining multiple Android apps to support inter-app analysis, in: IFIP International Information Security and Privacy Conference, Springer, 2015, pp.\u00a0513\u2013527.","DOI":"10.1007\/978-3-319-18467-8_34"},{"key":"ref025","doi-asserted-by":"crossref","unstructured":"L.\u00a0Li, A.\u00a0Bartel, T.F.\u00a0Bissyand\u00e9, J.\u00a0Klein, Y.\u00a0Le Traon, S.\u00a0Arzt, S.\u00a0Rasthofer, E.\u00a0Bodden, D.\u00a0Octeau and P.M.\u00a0Iccta, Detecting inter-component privacy leaks in Android apps, in: Proceedings of the 37th International Conference on Software Engineering-Volume 1, IEEE Press, 2015, pp.\u00a0280\u2013291.","DOI":"10.1109\/ICSE.2015.48"},{"key":"ref026","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2017.12"},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"L.\u00a0Lu, Z.\u00a0Li, Z.\u00a0Wu, W.\u00a0Lee and G.\u00a0Jiang, Chex: Statically vetting Android apps for component hijacking vulnerabilities, in: Proceedings of the 2012 ACM Conference on Computer and Communications Security, ACM, 2012, pp.\u00a0229\u2013240.","DOI":"10.1145\/2382196.2382223"},{"key":"ref028","unstructured":"monkeyrunner, https:\/\/developer.android.com\/studio\/test\/monkeyrunner."},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"D.\u00a0Octeau, S.\u00a0Jha, M.\u00a0Dering, P.\u00a0McDaniel, A.\u00a0Bartel, L.\u00a0Li, J.\u00a0Klein and Y.\u00a0Le Traon, Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis, in: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2016, pp.\u00a0469\u2013484.","DOI":"10.1145\/2837614.2837661"},{"key":"ref030","doi-asserted-by":"crossref","unstructured":"D.\u00a0Octeau, D.\u00a0Luchaup, M.\u00a0Dering, S.\u00a0Jha and P.\u00a0McDaniel, Composite constant propagation: Application to Android inter-component communication analysis, in: Proceedings of the 37th International Conference on Software Engineering-Volume 1, IEEE Press, 2015, pp.\u00a077\u201388.","DOI":"10.1109\/ICSE.2015.30"},{"key":"ref031","unstructured":"D.\u00a0Octeau, P.\u00a0McDaniel, S.\u00a0Jha, A.\u00a0Bartel, E.\u00a0Bodden, J.\u00a0Klein and Y.\u00a0Le Traon, Effective inter-component communication mapping in Android: An essential step towards holistic security analysis, in: Presented as Part of the 22nd USENIX Security Symposium, 2013, pp.\u00a0543\u2013558."},{"key":"ref032","doi-asserted-by":"crossref","unstructured":"S.\u00a0Rasthofer, S.\u00a0Arzt and E.\u00a0Bodden, A machine-learning approach for classifying and categorizing Android sources and sinks, in: NDSS, Vol.\u00a014, Citeseer, 2014, p.\u00a01125.","DOI":"10.14722\/ndss.2014.23039"},{"key":"ref033","doi-asserted-by":"publisher","DOI":"10.1145\/2906388.2906392"},{"key":"ref034","unstructured":"A.\u00a0Russo, A.\u00a0Sabelfeld and K.\u00a0Li, Implicit flows in malicious and nonmalicious code, in: Logics and Languages for Reliability and Security, IOS Press, 2010, pp.\u00a0301\u2013322."},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"J.\u00a0Samhi, A.\u00a0Bartel, T.F.\u00a0Bissyand\u00e9 and J.\u00a0Klein, Raicc: Revealing atypical inter-component communication in Android apps, in: 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), IEEE, 2021, pp.\u00a01398\u20131409.","DOI":"10.1109\/ICSE43902.2021.00126"},{"key":"ref036","unstructured":"Secure-preference, https:\/\/github.com\/scottyab\/secure-preferences."},{"key":"ref037","doi-asserted-by":"publisher","DOI":"10.1145\/3338504.3357339"},{"key":"ref038","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Tsutano, S.\u00a0Bachala, W.\u00a0Srisa-An, G.\u00a0Rothermel and J.\u00a0Dinh, An efficient, robust, and scalable approach for analyzing interacting Android apps, in: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE), IEEE, 2017, pp.\u00a0324\u2013334.","DOI":"10.1109\/ICSE.2017.37"},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660357"},{"key":"ref040","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176336"},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"K.\u00a0Yang, J.\u00a0Zhuge, Y.\u00a0Wang, L.\u00a0Zhou and H.\u00a0Duan, Intentfuzzer: Detecting capability leaks of Android applications, in: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ACM, 2014, pp.\u00a0531\u2013536.","DOI":"10.1145\/2590296.2590316"},{"key":"ref042","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS47924.2020.00037"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-220044","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-220044","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-220044","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,11]],"date-time":"2025-03-11T09:35:25Z","timestamp":1741685725000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-220044"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,28]]},"references-count":42,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,6,17]]}},"alternative-id":["10.3233\/JCS-220044"],"URL":"https:\/\/doi.org\/10.3233\/jcs-220044","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"type":"print","value":"0926-227X"},{"type":"electronic","value":"1875-8924"}],"subject":[],"published":{"date-parts":[[2023,11,28]]}}}