Inter-component communication (ICC) among Android apps is shown to be the source of many security vulnerabilities. Prior research has developed compositional analyses to detect the existence of ICC vulnerabilities in a set of installed apps. However, they all lack the ability to efficiently respond to incremental system changes—such as adding/removing apps. Every time the system changes, the entire analysis has to be repeated, making them too expensive for practical use, given the frequency with which apps are updated, installed, and removed on a typical Android device. This paper presents a novel technique, dubbed FLAIR, for efficient, yet formally precise, security analysis of Android apps in response to incremental system changes. Leveraging the fact that the changes are likely to impact only a small fraction of the prior analysis results, FLAIR recomputes the analysis only where required, thereby greatly improving analysis performance without sacrificing the soundness and completeness thereof. Our experimental results using numerous collections of real-world apps corroborate that FLAIR can provide an order of magnitude speedup over prior techniques.

事实表明，Android应用之间的组件间通信（ICC）是许多安全漏洞的根源。先前的研究已经开发出成分分析，以检测一组已安装的应用程序中是否存在ICC漏洞。但是，它们都缺乏有效响应增量系统更改（例如添加/删除应用程序）的能力。每次系统更改时，鉴于在典型的Android设备上更新，安装和删除应用程序的频率很高，因此必须重复整个分析，对于实际使用而言，这些分析太昂贵了。本文介绍了一种称为FLAIR的新颖技术，以便对Android应用程序进行有效而正式的安全性分析，以响应不断增加的系统更改。利用更改可能仅影响先前分析结果的一小部分这一事实，FLAIR仅在需要时重新计算分析，从而在不牺牲其可靠性和完整性的情况下极大地提高了分析性能。我们使用大量实际应用程序收集的实验结果证实，FLAIR可以比现有技术提供一个数量级的加速。