FlowCog: Context-aware semantics extraction and analysis of information flow leaks in android apps

Xiang Pan, Yinzhi Cao, Xuechao Du, Boyuan He, Gan Fang, Yan Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

Android apps having access to private information may be legitimate, depending on whether the app provides users enough semantics to justify the access. Existing works analyzing app semantics are coarse-grained, staying on the app-level. That is, they can only identify whether an app, as a whole, should request a certain permission, but cannot answer whether a specific app behavior under certain runtime context, such as an information flow, is correctly justified. To address this issue, we propose FlowCog, an automated, flow-level system to extract flow-specific semantics and correlate such semantics with given information flows. Particularly, FlowCog statically finds all the Android views that are related to the given flow via control or data dependencies, and then extracts semantics, such as texts and images, from these views and associated layouts. Next, FlowCog adopts a natural language processing (NLP) approach to infer whether the extracted semantics are correlated with the given flow. FlowCog is open-source and available at https://github.com/SocietyMaster/FlowCog. Our evaluation shows that FlowCog can achieve a precision of 90.1% and a recall of 93.1%.

Original language: English (US)
Title of host publication: Proceedings of the 27th USENIX Security Symposium
Publisher: USENIX Association
Pages: 1669-1685
Number of pages: 17
ISBN (Electronic): 9781939133045
State: Published - Jan 1 2018
Event: 27th USENIX Security Symposium - Baltimore, United States
Duration: Aug 15 2018 - Aug 17 2018

Publication series

Name: Proceedings of the 27th USENIX Security Symposium

Conference

Conference: 27th USENIX Security Symposium
Country: United States
City: Baltimore
Period: 8/15/18 - 8/17/18

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality
