Research on Cryptographic Misuse Detection for Android Applications Based on Dynamic and Static Combination.

Guosheng Xu, Xinyu Wang, Cheng Yu, Haoran Zhao, Yanhui Guo, Jinghong Guo, Chenyu Wang
DOI: https://doi.org/10.1145/3603273.3634708
2023-01-01
Abstract: Android applications are evolving rapidly, and the security functions built into them are becoming increasingly important. Developers implement such functions mainly through cryptographic APIs that protect user privacy and other sensitive data. If a developer lacks a solid grasp of cryptographic fundamentals or calls these APIs incorrectly, the application risks leaking private information. In existing research on cryptographic misuse in Android applications, static detection methods suffer from high false-positive rates and low accuracy, while dynamic detection methods, being built around specific misuse patterns, often cover only a small part of the misuse rules. This paper therefore proposes a cryptographic misuse detection method for Android applications that combines static and dynamic analysis: static detection based on program slicing and dynamic detection based on logging are used together to perform misuse detection, and a more comprehensive set of cryptographic misuse rules is proposed. Comparison experiments against existing tools show that the proposed method improves significantly on both accuracy and coverage and has better misuse detection capability.
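To make the static/dynamic trade-off in the abstract concrete, the following is an added example, not code from the paper or its authors. It is a toy checker in which a static pass over Java source can only resolve `Cipher.getInstance` / `MessageDigest.getInstance` arguments that are string literals, a dynamic pass reads (constructed) log lines emitted by a hooked `getInstance`, and the two are merged per call site. The rule identifiers, the `CRYPTOLOG` line format, the `class:line` site keys and the Java snippets are all assumptions made for the example; the rule set is a small illustrative one, not the paper's.

```python
"""Toy static + dynamic cryptographic-misuse checker (constructed example)."""
import re
from dataclasses import dataclass
from typing import Optional


def _alg(value: str) -> str:
    """Algorithm part of a JCA transformation string, e.g. 'AES/CBC/...' -> 'AES'."""
    return value.split("/")[0].strip().upper()


# Hypothetical misuse rules over the string passed to a JCA factory method.
# NOTE: a bare "AES" defaults to AES/ECB/PKCS5Padding under the SunJCE provider.
RULES = {
    "Cipher.getInstance": [
        ("ECB-MODE", lambda v: _alg(v) == "AES"
         and ("/" not in v or v.upper().split("/")[1] == "ECB")),
        ("WEAK-CIPHER", lambda v: _alg(v) in {"DES", "DESEDE", "RC4", "ARCFOUR", "RC2"}),
    ],
    "MessageDigest.getInstance": [
        ("WEAK-HASH", lambda v: _alg(v).replace("-", "") in {"MD2", "MD5", "SHA", "SHA1"}),
    ],
}


@dataclass
class Observation:
    api: str
    value: Optional[str]  # None when the argument could not be resolved statically
    source: str           # "static" or "dynamic"


# Matches getInstance("literal") or getInstance(identifier); only the literal is captured.
CALL_RE = re.compile(r'(Cipher|MessageDigest)\.getInstance\(\s*(?:"([^"]*)"|[A-Za-z_][\w.]*)')
# Hypothetical log format written by a hook on the factory method.
LOG_RE = re.compile(r'CRYPTOLOG api=(\S+) site=(\S+) arg="([^"]*)"')


def static_scan(sources: dict) -> dict:
    """Static pass: resolve the argument only when it is a string literal."""
    out = {}
    for site, line in sources.items():
        m = CALL_RE.search(line)
        if m:
            out[site] = Observation(m.group(1) + ".getInstance", m.group(2), "static")
    return out


def parse_dynamic_log(lines) -> dict:
    """Dynamic pass: one observation per call site actually executed."""
    out = {}
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            out[m.group(2)] = Observation(m.group(1), m.group(3), "dynamic")
    return out


def evaluate(api: str, value: str) -> list:
    """Rule identifiers violated by this api/value pair."""
    return [rid for rid, pred in RULES.get(api, []) if pred(value)]


def combine(static_obs: dict, dynamic_obs: dict) -> dict:
    """Per site: the runtime value wins if observed; else the static literal; else unresolved."""
    findings = {}
    for site in sorted(set(static_obs) | set(dynamic_obs)):
        obs = dynamic_obs.get(site) or static_obs[site]
        if obs.value is None:
            findings[site] = ("unresolved", [])
        else:
            findings[site] = (obs.source, evaluate(obs.api, obs.value))
    return findings


# Constructed Java snippets keyed by a hypothetical class:line site identifier.
SOURCES = {
    "com.example.Crypto:12": 'Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");',
    "com.example.Crypto:27": 'Cipher c = Cipher.getInstance(mode);  // mode chosen at runtime',
    "com.example.Legacy:40": 'Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");',
    "com.example.Hash:8": 'MessageDigest md = MessageDigest.getInstance(alg);',
}
# Constructed log lines: Legacy:40 was never executed, so it has no dynamic record.
DYNAMIC_LOG = [
    'CRYPTOLOG api=Cipher.getInstance site=com.example.Crypto:27 arg="AES"',
    'CRYPTOLOG api=MessageDigest.getInstance site=com.example.Hash:8 arg="SHA-256"',
]


def run(sources=SOURCES, log=DYNAMIC_LOG) -> dict:
    return combine(static_scan(sources), parse_dynamic_log(log))


if __name__ == "__main__":
    for site, (source, rules) in run().items():
        print(f"{site:24} {source:10} {rules or 'ok'}")
```

The merged result shows both weaknesses the abstract names: the static pass alone leaves `Crypto:27` and `Hash:8` unresolved (the source of false negatives, or of false positives if a tool guesses), while the dynamic pass alone never sees the unexecuted `Legacy:40` (low coverage); together, every site gets a verdict.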