The Android smart-phone platform is very popular. Recently, malicious or vulnerable applications have been reported to cause several security problems. However, there is no effective method that a market operator can use to vet apps entering a market (e.g. Google Play).

Prior works using static analysis to address Android app security problems more focus on specific problems and built specialized tools for them. We observe that a large portion of those security issues can be resolved by addressing one underlying core problem – capturing semantic behaviors of the app such as object points-to and control-/data-flow information. Thus, we designed a new approach to conducting static analysis for vetting Android apps, and built a generic framework, called Amandroid, which does flow and context-sensitive data flow analysis in an inter-component way.

Our approach shows that a comprehensive static analysis method on Android apps is totally feasible in terms of compotation resources, and Amandroid framework is flexible and easy to be extended for many types of specialized security analyses.

Since Amandroid directly handles Inter-component control and data flows, it can be used to address security problems that results from interactions among multiple components from either the same or different apps. Amandroid analysis is sound in that it can provide assurance of the absence of the specified security problems in an app with well-specified and reasonable assumptions on the Android runtime and its library.

On top of Amandroid framework we performed certain specific security analyses, for instance, a) user password flow tracking, b) intent injection detection, c) crypto API misuse checking. We apply those analyses on 450 apps collected from Google Play’s popular apps and a third-party security company, and the results show that it is capable of finding real security issues and efficient enough in terms of analysis time.

Program Analysis Rule Engine

One of the big challenges for program analysis tool to success is the ease of writing module to detect new threats. Rule engine is a way to address this challenge. And it proved to be useful by state-of-the-art commercial tools, Fortify, AppScan, Coverity. The rule engine design of each of them has its pros and cons, I believe that after our study and research, we can do better with our analysis tool Amandroid.

Design a good rule engine is not only engineering work. It requires deep understanding of program analysis and mobile security, and trade off between generality and usability. The designer need to know the core of how static analysis and dynamic analysis works, and also know how to wrap it for normal user who might not have knowledge about program analysis.

Our rule engine is under implementation. It will work with Amandroid and our future dynamic analysis tool. And it will be integrated to our Argus-IDE platform.


Lack of centralized and weaponized Android Application investigation platform consumes many unnecessary human resources. Furthermore, without a powerful app analysis tool many analysis tasks cannot be done.

alternate text

Figure: Overview

Above figure shows the current design of Argus-CIT.

It is still under heavily implementation, once its released I will link the documents and sources.