Abstract
Android has deprecated the use of readable/writeable mode for shared preferences from API level 17. Hence, the researchers are not paying much attention towards the privacy leak via shared preferences. However, Android app developers are still using these modes in practice. This may have serious ramifications such as privacy leakage, privilege escalation, etc, and may pose a severe threat to an user’s privacy. In this paper, we present an automaton based static analysis technique named SniffDroid to detect the inter-app privacy leaks via shared preferences in Android. To evaluate the performance of SniffDroid in real-time, we tested it on our developed dataset of 21 apps and 240 Google playstore apps. These apps are chosen from various categories such as banking, wallet, location, shopping, etc. SniffDroid conducts analysis at the component level. The empirical results of the proposed method indicate that SniffDroid operates in linear time w.r.t. the number of components. It works efficiently on apps of all sizes and is scalable.