FlowCog: Context-Aware Semantic Extraction and Analysis of Information Flow Leaks in Android Apps

Android apps having access to private information may be legitimate, depending on whether the app provides users enough semantics to justify the access. Existing works analyzing app semantics are coarse-grained, staying on the app-level. They can only identify whether an app, as a whole, should request special permission but cannot answer whether a specific app behavior under a particular runtime context, such as information flow, is correctly justified. We propose FlowCog, an automated system to extract semantics related to information flows and correlate such semantics with given information flows to address these issues. Particularly, FlowCog statically finds all the Android views related to the given flow via control or data dependencies and then extracts semantics, such as texts and images, from these views and associated layouts. Next, FlowCog adopts natural language processing and deep learning approaches to infer whether the extracted semantics correlate with the given flow. Our evaluation shows that FlowCog can achieve an accuracy rate of 95.4% and an F-1 score of 0.953.