In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations.
We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.
Wed 7 NovDisplayed time zone: Guadalajara, Mexico City, Monterrey change
13:30 - 15:00 | Software Analysis IIResearch Papers / Journal-First at Horizons 5 Chair(s): Myra Cohen Iowa State University | ||
13:30 22mTalk | A Systematic Evaluation of Static API-Misuse Detectors Journal-First Sven Amann Technische Universität Darmstadt, Hoan Nguyen Iowa State University, Sarah Nadi University of Alberta, Tien N. Nguyen University of Texas at Dallas, Mira Mezini TU Darmstadt DOI | ||
13:52 22mTalk | Do Android Taint Analysis Tools Keep Their Promises? Research Papers Felix Pauck Paderborn University, Germany, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Heike Wehrheim Paderborn University | ||
14:15 22mTalk | Neural-Augmented Static Analysis of Android Communication Research Papers Jinman Zhao University of Wisconsin-Madison, USA, Aws Albarghouthi University of Wisconsin-Madison, Vaibhav Rastogi University of Wisconsin-Madison, USA, Somesh Jha University of Wisconsin, Madison, Damien Octeau University of Wisconsin and Pennsylvania State University | ||
14:37 22mTalk | Oreo: Detection of Clones in the Twilight Zone Research Papers Vaibhav Saini University of California at Irvine, USA, Farima Farmahinifarahani University of California at Irvine, USA, Yadong Lu University of California at Irvine, USA, Pierre Baldi University of California at Irvine, USA, Crista Lopes | ||