Idea: Benchmarking Android Data Leak Detection Tools

• Published in: Engineering Secure Software and Systems Vol. 10953; pp. 116 - 123
• Main Authors: Corrodi, Claudio, Spring, Timo, Ghafari, Mohammad, Nierstrasz, Oscar
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2018; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Android; Benchmarking; Data leak
• ISBN: 3319944959; 9783319944951
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-94496-8_9

Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive data. In recent years, researchers have proposed a myriad of techniques and tools to detect such issues automatically. However, it is unclear how these approaches perform compared to each other. The tools are often no longer available, thus comparing different approaches is almost infeasible. In this work, we propose an approach to execute static analysis tools and collect their output to obtain unified reports in a common format. We review the current state-of-the-art in Android data leak detection tools, and from a list of 87 approaches, of which we were able to obtain and execute five. We compare these using a set of known vulnerabilities and discuss the overall performance of the tools. We further present an approach to compare security analysis tools by normalising their interfaces, which simplifies result reproduction and extension.