Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence sound y . Unfortunately, the specific unsound choices or flaws in the design of these tools is often not known or well documented, leading to misplaced confidence among researchers, developers, and users. This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded practice of mutation analysis. We implemented μSE and applied it to a set of prominent Android static analysis tools that detect private data leaks in apps. In a study conducted previously, we used μSE to discover 13 previously undocumented flaws in FlowDroid, one of the most prominent data leak detectors for Android apps. Moreover, we discovered that flaws also propagated to other tools that build upon the design or implementation of FlowDroid or its components. This article substantially extends our μSE framework and offers a new in-depth analysis of two more major tools in our 2020 study; we find 12 new, undocumented flaws and demonstrate that all 25 flaws are found in more than one tool, regardless of any inheritance-relation among the tools. Our results motivate the need for systematic discovery and documentation of unsound choices in soundy tools and demonstrate the opportunities in leveraging mutation testing in achieving this goal.

中文翻译：

---

基于系统变异的安全性 Android 静态分析技术可靠性评估

在过去十年中，移动应用程序安全一直是安全研究的主要关注领域。已经提出了许多应用程序分析工具来响应恶意、好奇或易受攻击的应用程序。然而，现有的工具，特别是静态分析工具，以分析的稳健性换取精度和性能，因此是稳健的是的. 不幸的是，这些工具设计中的具体不合理选择或缺陷通常不为人所知或没有充分记录，导致研究人员、开发人员和用户之间的信心错位。本文介绍了基于突变的稳健性评估(μSE) 框架，通过利用有充分根据的突变分析实践，系统地评估 Android 静态分析工具以发现、记录和修复缺陷。我们实现了 μSE，并将其应用于一组著名的 Android 静态分析工具，用于检测应用程序中的私有数据泄漏。在之前进行的一项研究中，我们使用 μSE 发现了 FlowDroid 中的 13 个先前未记录的缺陷，FlowDroid 是 Android 应用程序最突出的数据泄漏检测器之一。此外，我们发现这些缺陷还传播到其他基于 FlowDroid 或其组件的设计或实现的工具。本文大大扩展了我们的 μSE 框架，并对我们 2020 年研究中的另外两个主要工具进行了新的深入分析；我们发现了 12 个新的、未记录的缺陷，并证明所有 25 个缺陷都存在于不止一个工具中，无论工具之间的任何继承关系如何。我们的结果激发了系统发现和记录健全工具中不健全选择的需求，并展示了利用突变测试实现这一目标的机会。