ELiX: Path-selective taint analysis for extracting mobile app links

Yongjian Hu, Oriana Riva, Suman Nath, Iulian Neamtiu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

App links, also known as mobile deep links, are URIs that point to specific pages in an app. App links are essential to many mobile experiences: Google and Bing use them to link search results directly to relevant pages in an app and apps use them for cross-app navigation. However, app links are hard to discover and, since they must be explicitly built into apps by developers, only exist for a small fraction of apps. To address these two problems, we propose Elix, an automated app link extractor. We define link extraction as a static information flow problem where a link, with its scheme and parameters, is synthesized by analyzing the data flow between subsequent pages in an app. As static analysis is prone to false positives, Elix adopts a novel, path-selective taint analysis that leverages symbolic execution to reason about path constraints and abandon infeasible paths. Elix can automatically and correctly discover links that are exposed by an app, and many others that are not explicitly exposed, thus increasing coverage of both link-enabled apps and link-enabled pages in an app. Elix also simplifies the scheme of extracted links by reducing complex types to a minimal set of primitive types. We have implemented Elix on Android and applied it to 1007 popular Android apps. Elix can extract 80–90% of an app’s links, and above 80% of the extracted links are stable.

Original languageEnglish (US)
Title of host publicationMobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services
PublisherAssociation for Computing Machinery, Inc
Pages193-206
Number of pages14
ISBN (Electronic)9781450366618
DOIs
StatePublished - Jun 12 2019
Event17th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2019 - Seoul, Korea, Republic of
Duration: Jun 17 2019Jun 21 2019

Publication series

NameMobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services

Conference

Conference17th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2019
CountryKorea, Republic of
CitySeoul
Period6/17/196/21/19

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Computer Networks and Communications

Keywords

  • Mobile app links
  • Static analysis
  • Symbolic execution

Fingerprint Dive into the research topics of 'ELiX: Path-selective taint analysis for extracting mobile app links'. Together they form a unique fingerprint.

Cite this