AppAudit: Effective Real-time Android Application Auditing


This project grew out of a collaboration between the Cyber-Physical Systems Lab at McGill University and the Trusted Cloud Group at Shanghai Jiao Tong University. Some of the core techniques are the result of two years of continued research on improving the precision and efficiency of app auditing tools. Part of this work is described in a paper published at the IEEE Symposium on Security and Privacy 2015. Since then, we have been working on making our research outcome useful to market operators, mobile users, and mobile developers. appaudit.io, named after the tool we proposed in the paper, now serves the general public and provides scanning services that reveal security-related problems in real applications.

From the research perspective, we propose combining static and dynamic analysis so that each overcomes the shortcomings of the other. We also propose a new dynamic program analysis technique, approximated execution, which greatly reduces the memory consumption and analysis time for real apps. These two innovations allow us to quickly scan an app and find potential data leaks precisely. Thanks to these technical advantages, appaudit.io can process a large number of apps every day using just a few servers. If you are interested in program analysis or research in general, please take a look at our paper and feel free to contact me (mingyuan.xia@mail.mcgill.ca) with any questions.


Paper link: click here (IEEE)

Bibtex for citations:

@inproceedings{appaudit,
 author = {Mingyuan Xia and Lu Gong and Yuanhao Lyu and Zhengwei Qi and Xue Liu},
 title = {Effective Real-time Android Application Auditing},
 booktitle = {Proceedings of the 2015 IEEE Symposium on Security and Privacy},
 series = {SP '15},
 year = {2015},
 publisher = {IEEE Computer Society},
}