Abstract There have been extensive investigations on identifying sensitive data flows in Android apps for detecting malicious behaviors. Typical real world apps have a large number of sensitive flows and sinks. Thus, security analysts need to prioritize these flows and data sinks according to their risks, i.e., flow ranking and sink ranking. In this paper, we present an efficient graph-algorithm based risk metric for prioritizing risky flows and sinks in Android grayware apps. The new risk metric is quantitative and can differentiate the sensitivities of flows and sinks in an app. In the experiments, our risk prioritization produces orderings that are highly consistent with manual inspection. To enable post-detection security enforcement of sensitive sinks, we also present an automatic rewriting framework that utilizes the above prioritization technique. Our rewriting strategies are more feasible than the state-of-art solutions by supporting flow- and sink-based rewriting. We implement our prototype as ReDroid. ReDroid is designed for security analysts who manage organizational app repositories and customize third-party apps to satisfy organization imposed security requirements. We use ReDroid to rewrite both benchmark apps and real world grayware.

中文翻译：

---

优先考虑应用安全转型的数据流和接收器

摘要 对于识别 Android 应用程序中的敏感数据流以检测恶意行为，已经进行了广泛的研究。典型的现实世界应用程序有大量敏感的流和汇。因此，安全分析师需要根据它们的风险对这些流和数据汇进行优先排序，即流排名和汇排名。在本文中，我们提出了一种基于图算法的有效风险度量，用于对 Android 灰色软件应用程序中的风险流和接收器进行优先排序。新的风险指标是定量的，可以区分应用程序中流量和汇的敏感性。在实验中，我们的风险优先排序产生了与人工检查高度一致的排序。为了启用敏感接收器的检测后安全实施，我们还提出了一个利用上述优先级技术的自动重写框架。通过支持基于流和汇的重写，我们的重写策略比最先进的解决方案更可行。我们将我们的原型实现为 ReDroid。ReDroid 专为管理组织应用程序存储库和定制第三方应用程序以满足组织强加的安全要求的安全分析师而设计。我们使用 ReDroid 来重写基准应用程序和现实世界的灰色软件。