This Web site provides supplementary material for the paper "Lifting Inter-App Data-Flow Analysis to Large App Sets", submitted to FSE 2016. The paper describes a variability-aware approach for analysis of privacy leaks between android apps. On this page we provide access to the tool, SIFTA, developed in this project and documentation on the experiments.
In our experiments, we compare our tool, SIFTA against other state-of-the-art tools. SIFTA has been developed by Niklas Schalck Johansson and Mikael Mark Hardø during their master thesis. We compare it against Didfail and IccTA. Both can be used to detect privacy leaks as described in the paper. The tools can be obtained from the following Web sites: SIFTA: https://github.com/Dyrborg/SIFTA. Didfail: https://www.cs.cmu.edu/~wklieber/didfail/. IccTA: https://sites.google.com/site/icctawebpage/.
To evaluate the accuracy of SIFTA, we conducted experiments with benchmark sets for privacy flow analysis on android apps. For these experiments we used the "precision" branch of SIFTA.
|IACBench||A benchmark set developed by us. Focus on inter-app communication.|
|ICC-Bench||A benchmark set developed by the authors of Amandroid, yet another tool for app flow analysis.|
|DroidBench||A well known benchmark set for flow analysis in android apps. We used the branch "iccta" in which most relevant apps were provided by the authors of IccTA.|
In a second set of experiments we evaluated the scalability of SIFTA on real-world apps. For these experiments we used the "scalability" branch of SIFTA. We used three different sets of android apps:
|IccRE||A set of 445 apps that are known to leak privacy data through inter-component communication.|
|MalGenome||A set of 1260 malware apps collected by the Android Malware Genome Project .|
|PlayStore set||A set of 164324 apps that we downloaded from the google play store. We used relations in metadata of downloaded apps to add new apps to the download queue, starting with the facebook app. This provides us with a huge set of apps well distributed over the app store.|
To help with using SIFTA, we prepared a small script that downloads and sets up SIFTA. A second script can be used to download DroidBench and run SIFTA on the benchmark. Both scripts can be downloaded from this link.
First ensure that all required packages are installed on your system (python, graphviz, ...) github.com/.../SIFTA/.../setup on clean ubuntu 14.04. Then, run ./setup.sh from the Sifta_test_env.tar.gz archive. After setup, you can run ./test_DroidBench.sh to download DroidBench and evaluate SIFTA.
The paper "Lifting Inter-App Data-Flow Analysis to Large App Sets" has been written by Alexander von Rhein, Thorsten Berger, Niklas Schalck Johansson, Mikael Mark Hardø, and Sven Apel. For questions regarding the paper, please contact the authors.