AQUA: Android QUery analyzer

Chon Ju Kim, Phyllis Frankl

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Smart phone and tablet users typically store a variety of sensitive information on their devices, including contact information, photos, SMS messages, and custom data used by various applications. On Android devices, the data is stored in SQLite databases which applications access by constructing and executing queries, either directly or via Android content provider API calls. Before installing an application that uses a content provider, a user must grant permission for the application to read and/or write the associated data. Many users grant permission with little understanding of the risks. Even more savvy users cannot make well-informed decisions, as they are only given very coarse information about what data the application accesses. To provide users with more detailed information about how Android apps access and modify stored data, we have developed AQUA, the Android QUery Analyzer. AQUA analyzes application binary code, performing a lightweight static analysis to determine possible values of string variables that are incorporated into queries. AQUA reports on the content providers used and the database tables/attributes accessed and/or updated, allowing users to make more informed decisions about whether to grant permissions. This paper describes AQUA's design and evaluates AQUA's accuracy and performance by using it to analyze 105 popular apps downloaded from Google Play.

    Original languageEnglish (US)
    Title of host publicationProceedings - 19th Working Conference on Reverse Engineering, WCRE 2012
    Pages395-404
    Number of pages10
    DOIs
    StatePublished - Dec 1 2012
    Event19th Working Conference on Reverse Engineering, WCRE 2012 - Kingston, ON, Canada
    Duration: Oct 15 2012Oct 18 2012

    Publication series

    NameProceedings - Working Conference on Reverse Engineering, WCRE
    ISSN (Print)1095-1350

    Other

    Other19th Working Conference on Reverse Engineering, WCRE 2012
    CountryCanada
    CityKingston, ON
    Period10/15/1210/18/12

    Keywords

    • Android
    • Database application
    • Static analysis

    ASJC Scopus subject areas

    • Software

    Fingerprint Dive into the research topics of 'AQUA: Android QUery analyzer'. Together they form a unique fingerprint.

  • Cite this

    Kim, C. J., & Frankl, P. (2012). AQUA: Android QUery analyzer. In Proceedings - 19th Working Conference on Reverse Engineering, WCRE 2012 (pp. 395-404). [6385135] (Proceedings - Working Conference on Reverse Engineering, WCRE). https://doi.org/10.1109/WCRE.2012.49