
Practical Precise Taint-flow Static Analysis for Android App Sets

August 2018 White Paper
William Klieber, Lori Flynn, William Snavely, Michael Zheng

This paper describes how to detect taint flow in Android app sets with a static analysis method that is fast and uses little disk and memory space.

Software Engineering Institute

Colluding apps, or a combination of a malicious app and a leaky app, can use intents (messages sent to Android app components) to exfiltrate sensitive or private information from an Android phone. This paper describes a novel static analysis method, “Precise-DF”, to detect taint flow in Android app sets (including flows involving multiple apps) that is precise, fast, and uses relatively little disk and memory space. Precise-DF reuses the fast modular analysis of the DidFail static analysis tool and adds context, and therefore precision, with parameterized summaries of potential data flows. We added Boolean formulas to DidFail’s flow equations to record the conditions of the control flow paths relevant to possible taint flows. The method that we have refined (a modular analysis with parameterized summaries of the flow of sensitive information) is generally applicable to the class of problems involving taint flow analysis for software systems that communicate by message passing. This paper also describes how an enterprise architecture could use Precise-DF to analyze and enforce compliance with dataflow policies.
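As an added illustration (not code from the paper or from the DidFail/Precise-DF tools), the following Python toy models the scheme the abstract describes: each app is summarized on its own, every summarized flow carries a Boolean path condition (here a conjunction of literals), and the summaries are then composed across the app set by matching intent sends to intent receives, discarding any end-to-end flow whose conjoined condition is contradictory. The app names, node tags and predicate names are constructed for the example.

```python
from collections import deque

# Path condition: a conjunction of literals, a frozenset of (predicate, value); empty = true.
TRUE = frozenset()
def lit(name, value):
    return frozenset({(name, value)})
def satisfiable(cond):  # a conjunction of literals is false iff it holds both p and not-p
    return all((p, not v) not in cond for (p, v) in cond)
def summarize(flows):
    """Per-app summary: (entry, exit, cond) for each source/intent receipt reaching a sink/intent send."""
    summary = set()
    for entry in {n for n, _, _ in flows if n[0] in ("src", "recv")}:
        seen, work = set(), deque([(entry, TRUE)])
        while work:
            node, cond = work.popleft()
            if (node, cond) in seen:
                continue
            seen.add((node, cond))
            if node[0] in ("sink", "send"):
                summary.add((entry, node, cond))
            for frm, to, c in flows:  # extend the path, pruning contradictory conditions
                if frm == node and satisfiable(cond | c):
                    work.append((to, cond | c))
    return summary
def compose(app_flows):
    """Link intent sends to matching receives across the app set and keep the
    end-to-end source-to-sink flows whose combined condition is satisfiable."""
    summaries = {app: summarize(f) for app, f in app_flows.items()}
    results = set()
    for a, sa in summaries.items():
        for src, exit_, c1 in sa:
            if src[0] != "src" or exit_[0] != "send":
                continue
            for b, sb in summaries.items():
                for entry, sink, c2 in sb:
                    if entry == ("recv", exit_[1]) and sink[0] == "sink" and satisfiable(c1 | c2):
                        results.add((a, src[1], b, sink[1], exit_[1], c1 | c2))
    return results
# Constructed app set (not output of DidFail or Precise-DF): edges are
# (from, to, condition) over nodes tagged src, recv, var, send or sink.
APP_FLOWS = {
    "LeakyApp": [  # LOCATION reaches the send only via contradictory branches
        (("src", "LOCATION"), ("var", "buf"), lit("L.consent", False)),
        (("var", "buf"), ("send", "ACTION_SHARE"), lit("L.consent", True)),
        (("src", "CONTACTS"), ("var", "buf"), TRUE),
    ],
    "MaliciousApp": [(("recv", "ACTION_SHARE"), ("sink", "INTERNET"), lit("M.online", True))],
}
print(sorted(compose(APP_FLOWS), key=str))
```

Running it reports a single CONTACTS-to-INTERNET flow through ACTION_SHARE, with the conjoined condition from both apps attached, while the LOCATION flow is dropped because its path requires both L.consent and not L.consent; a context-insensitive analysis would report both.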