search menu icon-carat-right cmu-wordmark

DidFail: Coverage and Precision Enhancement

July 2017 Technical Report
Karan Dwivedi (No Affiliation), Hongli Yin (No Affiliation), Pranav Bagree (No Affiliation), Xiaoxiao Tang (No Affiliation), Lori Flynn, William Klieber, William Snavely

This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps.

Publisher:

CERT

CMU/SEI Report Number

CMU/SEI-2017-TR-007

Abstract

This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps. The enhancements are new analytical functionality for content providers, file accesses, and dynamic broadcast receivers. Previously, DidFail did not analyze taint flows involving ContentProvider components; however, now it analyzes taint flows involving all four types of Android components. The latest version of DidFail tracks taint flow across file access calls more precisely than it did in prior versions of the software. DidFail was also modified to handle dynamically declared BroadcastReceiver components in a fully automated way, by integrating it with a recent version of FlowDroid and working to fix remaining un-analyzed taint flows. Finally, a new command line argument optionally disables static field analysis in order to reduce DidFail's memory usage and analysis time.
These new features make DidFail's taint tracking more precise (for files) and more comprehensive for dynamically registered BroadcastReceiver and ContentProvider components. We implemented the new features and tested them on example apps that we developed and on real-world apps
from different categories in the Google Play app store.