In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations.
We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.
Wed 7 Nov Times are displayed in time zone: Guadalajara, Mexico City, Monterrey change
13:30 - 15:00 | Software Analysis IIResearch Papers / Journal-First at Horizons 5 Chair(s): Myra CohenIowa State University | ||
13:30 22mTalk | A Systematic Evaluation of Static API-Misuse Detectors Journal-First Sven AmannTechnische Universität Darmstadt, Hoan NguyenIowa State University, Sarah NadiUniversity of Alberta, Tien N. NguyenUniversity of Texas at Dallas, Mira MeziniTU Darmstadt DOI | ||
13:52 22mTalk | Do Android Taint Analysis Tools Keep Their Promises? Research Papers Felix PauckPaderborn University, Germany, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Heike WehrheimPaderborn University | ||
14:15 22mTalk | Neural-Augmented Static Analysis of Android Communication Research Papers Jinman ZhaoUniversity of Wisconsin-Madison, USA, Aws AlbarghouthiUniversity of Wisconsin-Madison, Vaibhav RastogiUniversity of Wisconsin-Madison, USA, Somesh JhaUniversity of Wisconsin, Madison, Damien OcteauUniversity of Wisconsin and Pennsylvania State University | ||
14:37 22mTalk | Oreo: Detection of Clones in the Twilight Zone Research Papers Vaibhav SainiUniversity of California at Irvine, USA, Farima FarmahinifarahaniUniversity of California at Irvine, USA, Yadong LuUniversity of California at Irvine, USA, Pierre BaldiUniversity of California at Irvine, USA, Crista Lopes | ||