The project at a glance
- Start date: 01 Jul 2022
- Duration in months: 48
- Funding: FNR
- Principal Investigator(s): Tegawendé François d Assise BISSYANDE, Jacques KLEIN
About
The REPROCESS project seeks to make static analysis of Android applications both more practical and more accurate by addressing two limitations in how current tools detect security vulnerabilities. It has two primary objectives: (1) to build a unified code representation that brings native code and Dalvik bytecode into the same static analysis, and (2) to filter out irrelevant alerts by leveraging contextual information specific to each app.

Current static analysers such as FlowDroid often miss vulnerabilities because they handle native code insufficiently: data that passes through a native library is out of the analyser's reach, which produces false negatives. REPROCESS will address this by unifying native code and Dalvik bytecode in a shared representation, enabling more comprehensive analysis and reducing undetected threats. For instance, integrating intermediate representations such as JIMPLE or LLVM could render analysis tools "binary-aware", making it possible to uncover vulnerabilities embedded within native code components.

To tackle false positives (alerts triggered by behaviour that is legitimate within the app's context), REPROCESS will employ machine learning techniques such as anomaly detection and clustering. By contextualising alarms according to app-specific behaviour, the project aims to distinguish genuine security threats from benign activity and so reduce the need for time-consuming manual review. For example, a GPS data flow is expected in a navigation app but may raise concerns in an unrelated app type, a distinction that machine learning can help automate.

The research plan includes developing tools for code representation unification, automated false alarm filtering, and rigorous experimental validation. Expected outcomes include academic publications, open-source tools, and standardised benchmarks designed to benefit both the research community and industry. These advances are expected to significantly enhance Android app security and reliability across a wide user base.
Through this work, REPROCESS aims to produce more robust static analysis tools that provide precise and context-aware insights for developers and security analysts alike.
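The contextual alarm-filtering idea described above, as an added worked example that is not part of the project's own tooling: it profiles which source-to-sink flows are common within each app category over a constructed corpus of already-analysed apps, then uses that profile to suppress alerts that are normal for the category (a location flow in a navigation app) while keeping the same alert when it is unusual for the category (a location flow in a flashlight-style tool). The corpus, package names, categories, flow labels, smoothing constant and threshold are all assumptions for illustration; the project's actual anomaly-detection and clustering techniques are not shown here.

```python
"""Context-aware triage of static-analysis alerts.

Each alert is a (source, sink) taint flow reported for one app. The point of
the example: the same flow is benign in one app category and suspicious in
another, so alerts are scored against a per-category profile built from a
corpus of apps instead of being judged in isolation.
"""
from collections import Counter, defaultdict

# Constructed corpus of already-analysed apps: (package, store category,
# reported source->sink flows). Package names and categories are hypothetical.
CORPUS = [
    ("com.example.nav1", "navigation", {("LOCATION", "NETWORK"), ("LOCATION", "LOG")}),
    ("com.example.nav2", "navigation", {("LOCATION", "NETWORK")}),
    ("com.example.nav3", "navigation", {("LOCATION", "NETWORK"), ("LOCATION", "FILE")}),
    ("com.example.nav4", "navigation", {("LOCATION", "NETWORK")}),
    ("com.example.torch1", "tools", {("DEVICE_ID", "LOG")}),
    ("com.example.torch2", "tools", set()),
    ("com.example.torch3", "tools", {("DEVICE_ID", "LOG")}),
    ("com.example.torch4", "tools", {("CONTACTS", "NETWORK")}),
]


def build_profiles(corpus):
    """Count, per category, how many apps exhibit each flow.

    Returns (counts, sizes): counts[category][flow] is the number of apps in
    that category reporting the flow; sizes[category] is the number of apps
    profiled for the category.
    """
    counts = defaultdict(Counter)
    sizes = Counter()
    for _pkg, category, flows in corpus:
        sizes[category] += 1
        for flow in flows:
            counts[category][flow] += 1
    return counts, sizes


def prevalence(counts, sizes, category, flow, alpha=0.5):
    """Smoothed fraction of apps in `category` that exhibit `flow`.

    Additive (Laplace) smoothing with the assumed constant alpha keeps a flow
    never seen in a small category from scoring exactly 0, and a flow seen in
    every app from scoring exactly 1.
    """
    return (counts[category][flow] + alpha) / (sizes[category] + 2 * alpha)


def triage(counts, sizes, category, flows, threshold=0.25):
    """Split one app's alerts into (kept, suppressed), both sorted lists.

    A flow is suppressed when it is common for the app's category, i.e. its
    prevalence is at or above the assumed threshold. When no profile exists
    for the category every alert is kept: the context filter fails open and
    never silently drops findings it cannot judge.
    """
    if sizes[category] == 0:
        return sorted(flows), []
    kept, suppressed = [], []
    for flow in sorted(flows):
        if prevalence(counts, sizes, category, flow) >= threshold:
            suppressed.append(flow)
        else:
            kept.append(flow)
    return kept, suppressed


if __name__ == "__main__":
    counts, sizes = build_profiles(CORPUS)
    # Constructed apps under triage; same LOCATION->NETWORK alert in both.
    new_apps = [
        ("com.example.torch5", "tools", {("LOCATION", "NETWORK"), ("DEVICE_ID", "LOG")}),
        ("com.example.nav5", "navigation", {("LOCATION", "NETWORK"), ("CONTACTS", "NETWORK")}),
        ("com.example.game1", "games", {("LOCATION", "NETWORK")}),
    ]
    for pkg, category, flows in new_apps:
        kept, suppressed = triage(counts, sizes, category, flows)
        print(f"{pkg} [{category}]")
        for flow in kept:
            print(f"  KEEP     {flow[0]} -> {flow[1]}"
                  f"  (prevalence {prevalence(counts, sizes, category, flow):.2f})")
        for flow in suppressed:
            print(f"  SUPPRESS {flow[0]} -> {flow[1]}"
                  f"  (prevalence {prevalence(counts, sizes, category, flow):.2f})")
```

The design choice worth noting is the fail-open branch in `triage`: a category with no profile yields no suppression at all, so an analyst never loses an alert because the corpus happened not to cover that kind of app. Real clustering or anomaly-detection models would replace the per-category frequency with a learned notion of "normal", but the triage contract (score against context, suppress only what is demonstrably common, keep everything else) stays the same.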
Organisation and Partners
- Interdisciplinary Centre for Security, Reliability and Trust (SnT)
- Trustworthy Software (TruX)
Project team
- Tegawendé François d Assise BISSYANDE
- Jacques KLEIN
- Jordan SAMHI
- Marco ALECCI
Keywords
- Android
- Security
- Static Analysis