What is it about?

In recent years, Android apps have increasingly used a mix of traditional Android code and native code written in languages like C++. Native code can make apps more powerful but also complicates security analysis. Most existing tools only analyze the Android part of the app, missing potentially dangerous native code. Our work introduces a tool called JuCify, designed to unify these two types of code into a single model for better analysis. JuCify merges the call patterns of both native and Android code, enabling security tools to detect previously hidden vulnerabilities. We tested JuCify on real-world apps and found that it significantly improves the accuracy of security checks by exposing hidden connections between different parts of an app. This helps in detecting data leaks and other security issues more effectively. JuCify is open-source, allowing other researchers to use and build upon our work.
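The effect of unifying the two call graphs can be shown on a toy app. This is an added illustration, not JuCify's code: the graphs are written by hand and every class, method and symbol name in it is constructed for the example. It checks whether a network sink is reachable from the app's entry point, first in the bytecode-only graph and then in the merged one.

```python
from collections import deque

# Constructed sample app (all names are hypothetical).
# Edges a bytecode-only analysis sees: caller -> callees.
BYTECODE_CG = {
    "MainActivity.onCreate": ["TelephonyManager.getDeviceId", "NativeLib.send"],
    "NativeLib.send": [],  # declared `native`: no body in the bytecode
    "Uploader.post": ["HttpURLConnection.getOutputStream"],
}
# Edges recovered from the app's shared library by a binary analysis.
NATIVE_CG = {
    "Java_com_example_NativeLib_send": ["encode"],
    "encode": ["call_java_uploader"],
    "call_java_uploader": [],
}
# Bytecode-to-native: a Java `native` method and the JNI symbol implementing it.
JAVA_TO_NATIVE = {"NativeLib.send": "Java_com_example_NativeLib_send"}
# Native-to-bytecode: native functions that invoke Java methods through JNI.
NATIVE_TO_JAVA = {"call_java_uploader": "Uploader.post"}

def unify(bytecode_cg, native_cg, java_to_native, native_to_java):
    """Merge both call graphs and add the cross-language edges."""
    merged = {n: list(cs) for g in (bytecode_cg, native_cg) for n, cs in g.items()}
    for bridges in (java_to_native, native_to_java):
        for src, dst in bridges.items():
            merged.setdefault(src, []).append(dst)
            merged.setdefault(dst, [])
    return merged

def call_path(graph, start, target):
    """Breadth-first search; returns the shortest call chain or None."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for callee in graph.get(node, []):
            if callee not in parent:
                parent[callee] = node
                queue.append(callee)
    return None

ENTRY, SINK = "MainActivity.onCreate", "HttpURLConnection.getOutputStream"
UNIFIED = unify(BYTECODE_CG, NATIVE_CG, JAVA_TO_NATIVE, NATIVE_TO_JAVA)
print("bytecode only:", call_path(BYTECODE_CG, ENTRY, SINK))
print("unified:      ", " -> ".join(call_path(UNIFIED, ENTRY, SINK)))
```

In the bytecode-only graph the chain stops at the `native` method, so the sink looks unreachable; the merged graph exposes the path that passes through the native library and back into Java.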

Why is it important?

Our work with JuCify is unique and timely because it addresses a critical gap in the security analysis of Android apps. With the increasing use of native code in Android apps, traditional static analysis tools that only focus on Android code are no longer sufficient. These tools often miss significant portions of the app's behavior, potentially overlooking security vulnerabilities hidden in the native code. JuCify stands out by being the first approach to create a unified model of both Android bytecode and native code, making it possible to perform comprehensive security analyses. This unified model allows existing tools to analyze the entire app, uncovering vulnerabilities that would otherwise remain hidden. By integrating native and Android code into a single analysis framework, JuCify significantly enhances the precision and recall of security checks. This innovation is timely given the rapid increase in the use of native code in both benign and malicious apps. Our empirical studies show that native code is pervasive in modern apps, making it essential for security tools to adapt. JuCify's ability to reveal previously undetectable data leaks and malicious behavior through native code is necessary for improving the security and trustworthiness of Android apps.

Read the Original

This page is a summary of: JuCify, May 2022, ACM (Association for Computing Machinery),
DOI: 10.1145/3510003.3512766.