Level 2a Clause Samples
Level 2a. Intra-App Information Flow Control Analysis

On Level 2a, the Android App Analysis tool supports intra-App data flow analyses that trace the information flow through a single Application. In particular, the tool will analyze the propagation of information protected by some permissions to statements or components which use other permissions. Using the Soot framework (see Section 4.2), the tool will decompile the input .apk file to a Jimple model. With specific analysis techniques, the tool will then compute and analyze the information flow. Depending on the selected mode (SUMMARY or COMPARISON), the tool will display the analysis result, which covers the two cases below:
1. Checking secure behavior by summarizing the intra-App information flow.
2. Checking the changes of security in an installed Application by comparing the intra-App information flow with a previous result.

SUMMARY mode

In SUMMARY mode the tool will compute the resource flow from components providing protected data (known as sources) to components requiring different permissions (known as sinks). There are three detail levels at which users can analyze an .apk file: component flow, statement flow and resource to resource, as described in the Requirement Specification. The tool analyzes the control flow according to the chosen detail level; on all detail levels it will use the same control flow model. If the detail level component flow is chosen, the tool will focus on the components of the Application and the connections between them. The detail level statement flow takes a closer look at every statement occurring on an information flow path from a source to a sink. The resource to resource level uses the same processing but concentrates on which source and which sink an information flow exists between.

COMPARISON mode

In COMPARISON mode, the tool provides options for analyzing the already installed Applications based on their previous analysis result and a newly installed Application. Before running the analysis in this mode, the user therefore needs to provide all the necessary .apk files and the previous analysis result as input. The tool will analyze the already installed Applications by considering their previous analysis result along with the information provided in the newly installed Application. The tool will produce the output by analyzing the control flow and also by comparing it with the previous...
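The two modes and three detail levels described above can be illustrated on a toy statement graph. This is an added example, not the tool's own code: the graph format, the component and statement names, and the functions `flow_paths`, `summary` and `compare` are assumptions, and a plain set difference stands in for the tool's comparison step.

```python
# Constructed toy model (assumption, not the tool's Jimple representation):
# statement id -> (component, permission its API call needs or None, successors)
APP_V2 = {
    "s1": ("LocationService", "ACCESS_FINE_LOCATION", ["s2"]),
    "s2": ("LocationService", None, ["s3", "s4"]),
    "s3": ("UploadActivity", "INTERNET", []),
    "s4": ("SmsHelper", "SEND_SMS", []),
}
# Earlier version of the same app: the edge s2 -> s4 does not exist yet.
APP_V1 = dict(APP_V2, s2=("LocationService", None, ["s3"]))

def flow_paths(stmts):
    """Acyclic statement paths from a permission-protected source to a
    statement that uses a different permission (the sink)."""
    paths = []
    def walk(node, src_perm, path):
        for nxt in stmts[node][2]:
            if nxt in path:          # cycle guard
                continue
            perm = stmts[nxt][1]
            if perm and perm != src_perm:
                paths.append(path + [nxt])
            walk(nxt, src_perm, path + [nxt])
    for sid, (_, perm, _) in stmts.items():
        if perm:
            walk(sid, perm, [sid])
    return paths

def summary(stmts, level):
    """SUMMARY mode at one of the three detail levels."""
    paths = flow_paths(stmts)
    if level == "statement":
        return {tuple(p) for p in paths}
    if level == "component":         # collapse runs of statements per component
        out = set()
        for p in paths:
            comps = [stmts[s][0] for s in p]
            out.add(tuple(c for i, c in enumerate(comps) if i == 0 or comps[i - 1] != c))
        return out
    if level == "resource":          # source permission -> sink permission
        return {(stmts[p[0]][1], stmts[p[-1]][1]) for p in paths}
    raise ValueError(f"unknown detail level: {level}")

def compare(previous, current):
    """COMPARISON mode: flows that appeared or disappeared since the last run."""
    return {"added": current - previous, "removed": previous - current}

if __name__ == "__main__":
    for level in ("component", "statement", "resource"):
        print(level, compare(summary(APP_V1, level), summary(APP_V2, level)))
```

A new resource-to-resource pair in the "added" set is the signal a reviewer would act on: location data that previously reached only the network now also reaches an SMS-sending statement.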
