Large-Scale Vulnerability Assessment and Detection for Android Apps


  • Explore the comprehensive taxonomy of existing app vulnerabilities and build an app vulnerability analysis baseline
  • Evaluate the capability of existing techniques for vulnerability detection in specialized domains
  • Develop a domain-aware compositional vulnerability detection framework which is more scalable and more accurate

Existing Solutions and Their Limitations

  • Use generic syntax-based scanning and pattern matching
  • Output a lot of false positives
  • Cannot detect most of the data leakage-related vulnerabilities


  • Vulnerability knowledge base construction
    • Design knowledge base schema and meta-model
    • Large-scale app collection and labelling (semi-automatic)
    • Evaluation of the existing vulnerability detection techniques
  • Compositional vulnerability detection guided by the knowledge base
    • Implement domain-specific analysis (source/library/native)
    • Aggregation of global analysis results


Practical Applications and Impact

  • Integrated as a part of an app screening pipeline
  • Detecting data leakage vulnerabilities in real banking apps



