Jie Zhang and Qianyu Guo and Tieyi Zhang and Zhiyong Feng and Xiaohong Li
Toward Understanding and Testing Deep Learning Information Flow in Deep Learning-Based Android Apps
171 - 179
2023
17
3
International Journal of Computer and Systems Engineering
https://publications.waset.org/pdf/10012983
https://publications.waset.org/vol/195
World Academy of Science, Engineering and Technology
The widespread popularity of mobile devices and the development of artificial intelligence (AI) have led to the widespread adoption of deep learning (DL) in Android apps. Compared with traditional Android apps (traditional apps), deep learning-based Android apps (DL-based apps) need to use more third-party application programming interfaces (APIs) to complete complex DL inference tasks. However, existing methods (e.g., FlowDroid) for detecting sensitive information leakage in Android apps cannot be directly applied to DL-based apps, as they have difficulty detecting third-party APIs. To solve this problem, we design DLtrace, a new static information flow analysis tool that can effectively recognize third-party APIs. With our proposed trace and detection algorithms, DLtrace can also efficiently detect privacy leaks caused by sensitive APIs in DL-based apps. Additionally, we propose two formal definitions to deal with the common polymorphism and anonymous inner-class problems in the Android static analyzer. Using DLtrace, we summarize the non-sequential characteristics of DL inference tasks in DL-based apps and the specific functionalities provided by DL models for such apps. We conduct an empirical assessment with DLtrace on 208 popular DL-based apps in the wild and find that 26.0% of the apps suffered from sensitive information leakage. Furthermore, DLtrace outperformed FlowDroid in detecting and identifying third-party APIs. The experimental results demonstrate that DLtrace expands FlowDroid in understanding DL-based apps and detecting security issues therein.
Open Science Index 195, 2023