Jitana: A modern hybrid program analysis framework for android platforms
Journal of Computer Languages (IF 2.2), Pub Date: 2019-04-24, DOI: 10.1016/j.cola.2018.12.004
Yutaka Tsutano, Shakthi Bachala, Witawas Srisa-an, Gregg Rothermel, Jackson Dinh

Security vetting of Android apps is often performed under tight time constraints (e.g., a few minutes). As such, vetting activities must be performed “at speed”, when an app is submitted for distribution or a device is analyzed for malware. Existing static and dynamic program analysis approaches are not feasible for use in security analysis tools because they require a much longer time to operate than security analysts can afford. There are two factors that limit the performance and efficiency of current analysis approaches. First, existing approaches analyze only one app at a time. Finding security vulnerabilities in collaborative environments such as Android, however, requires collaborating apps to be analyzed simultaneously. Thus, existing approaches are not adequate when applied in this context. Second, existing static program analysis approaches tend to operate in a “closed world” fashion; therefore, they are not easily integrated with dynamic analysis processes to efficiently produce hybrid analysis results within a given time constraint.

In this work, we introduce Jitana, an efficient and scalable hybrid program analysis framework for Android. Jitana has been designed from the ground up to be used as a building block to construct efficient and scalable program analysis techniques. Jitana also operates in an open world fashion, so malicious code detected as part of dynamic analysis can be quickly analyzed and the analysis results can be seamlessly integrated with the original static analysis results. To illustrate Jitana’s capability, we used it to analyze a large collection of apps simultaneously to identify potential collaborations among apps. We have also constructed several analysis techniques on top of Jitana and we use these to perform security vetting under four realistic scenarios. The results indicate that Jitana is scalable and robust; it can effectively and efficiently analyze complex apps including Facebook, Pokémon Go, and Pandora that the state-of-the-art approach cannot handle. In addition, we constructed a visualization engine as a plugin for Jitana to provide real-time feedback on code coverage to help analysts assess their vetting efforts. Such feedback can lead analysts to hard-to-reach code segments that may need further analysis. Finally, we illustrate the effectiveness of Jitana in detecting and analyzing dynamically loaded code.




Updated: 2019-04-24