personal website

Go to content

Main menu:


Qualcomm[X] pursues the goal of developing a practical information flow tracking system for Android devices that could be commercially deployable. Qualcomm[X] employs a multi-layered approach to the static program analysis together with runtime support to avoid inherent imprecision of the static analysis. Static code analysis is used to build path-sensitive taint propagation summaries and optimize them with respect to runtime overhead. The runtime uses the summaries to dynamically propagate taints. If an app uses control-flow obfuscation techniques such as Java Reflection API together with string encryption, the runtime can invoke the static code analyzer to incrementally build new summaries or refine already existing ones.
Therefore, Qualcomm[X] performs accurate taint propagation and it is able to prevent the actual leakage of sensitive information as opposed to informing a user about what data may get leaked.
Back to content | Back to main menu