Taking Android App Vetting to the Next Level with Path-sensitive Value Analysis

Application vetting at app stores and market places is the first line of defense to protect mobile end-users from malware, spyware, and immoderately curious apps. However, the lack of a highly precise yet large-scaling static analysis has forced market operators to resort to less reliable and only small-scaling dynamic or even manual analysis techniques. In this paper, we present Bati, an analysis framework specifically tailored to perform highly precise static analysis of Android apps. Building on established static analysis frameworks for Java, we solve two important challenges to reach this goal: First, we extend this ground work with an Android application lifecycle model that includes the asynchronous communication of multi-threading. Second, we introduce a novel value analysis algorithm that builds on control-flow ordered backwards slicing and techniques from partial and symbolic evaluation. As a result, Bati is the first context-, flow-, object-, and path-sensitive analysis framework for Android apps and improves the status-quo for static analysis on Android. In particular, we empirically demonstrate the benefits of Bati in dissecting Android malware by statically detecting behavior that previously required manual reverse engineering. Noticeably, in contrast to the common conjecture about path-sensitive analyses, our evaluation of 19,700 apps from Google Play shows that highly precise path-sensitive value analysis of Android apps is possible in a reasonable amount of time and is hence amenable for large-scale vetting processes