Description
Given the global popularity of the smartphone, the increasing value of data and how easily mobile applications can obtain even the most private user data, concerns have arisen regarding the privacy and security of nearly half of the world’s population of smartphone users. While the Android community has developed a rich variety of analysis tools, the iOS ecosystem, in turn, is a more unexplored area, which is due to its closed nature. This makes the development of new analysis mechanisms for iOS apps to reliably and precisely assess how data flows through an app and what data leaves it, an endeavour of the uttermost importance.This thesis presents a generic way to approximate the data-flow of an iOS app binary by using a weighted pushdown system (WPDS), which constitutes a novelty in the domain of iOS. We leverage the WPDS to perform static taint analysis and, as a proof of concept, aim to find privacy leaks in iOS apps. However, the discovery of privacy leaks is merely one type of data-flow related security problem where one can apply our approach. In this context, we propose a tool which starts with the interprocedural control-flowgraph (ICFG) of an iOS app binary and converts it to a WPDS. Along this binary-level conversion, we statically specify the types of entry and exit points, between which we want to track data-flow. This is the only non-generic component of our tool and aprerequisite for the taint analysis, where we aim to identify all tainted data-flow paths between the specified points. A set of the discovered tainted paths forms the final output of our tool.I n the evaluation process, we applied our tool to a case study with six different tainted paths representing the concepts we aimed to cover. Our tool could identify five of six cases correctly, with zero false positives. This strongly indicates that WPDSs are indeed a data-flow analysis framework, which can be leveraged for taint analysis of iOS applications. Nevertheless, future work is required to establish how well the tool performs on a real-world data set in practice.
|