Witness: Detecting Vulnerabilities in Android Apps Extensively and Verifiably

Existing studies on detecting vulnerabilities in apps have two main disadvantages: one is that some studies are limited to detecting a certain vulnerability and lack comprehensive analysis; the other is the lack of valid evidence for vulnerability verification, which leads to high false alarms rate and requires massive manual efforts. We propose the concept of vulnerability pattern to abstract the characteristics of different attacks, e.g., their prerequisites and attack paths, so as to support detecting multiple kinds of vulnerabilities. Also, we present a zero false alarms framework which can find vulnerability instances precisely and generate test cases and triggers to validate the findings, by combing static analysis and dynamic binary instrumentation techniques. We implement our method in a tool named Witness, which currently can detect 8 different types of vulnerabilities and is extensible to support more. Evaluated on 3211 popular apps, Witness successfully detected 243 vulnerability instances, with better precision and more proofs than four existing tools.