FidFail: Coverage and Precision Enhancement

Abstract : This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps. The enhancements are new analytical functionality for content providers, file accesses, and dynamic broadcast receivers. Previously, DidFail did not analyze taint flows involving Content Provider components; however, now it analyzes taint flows involving all four types of Android components. The latest version of DidFail tracks taint flow across file access calls more precisely than it did in prior versions of the software. DidFail was also modified to handle dynamically declared Broadcast Receiver components in a fully automated way, by integrating it with a recent version of Flow Droid and working to fix remaining unanalyzed taint flows. Finally, a new command line argument optionally disables static field analysis in order to reduce DidFail's memory usage and analysis time. These new features make DidFail's taint tracking more precise (for files) and more comprehensive for dynamically declared Broadcast Receiver and Content Provider components. We implemented the new features and tested them on example apps that we developed and on real-world apps from different categories in the Google Play app store.