Modern Android applications often incorporate numerous native C/C++ libraries to efficiently handle CPU-intensive tasks or interact at a low level with specific hardware, such as performing specialized GPU rendering. Recent research on Android security has revealed that these libraries are frequently adopted by third-party developers and may pose security risks if not regularly updated, as publicly disclosed vulnerabilities in outdated libraries can be exploited by malicious actors. To determine whether these known vulnerabilities represent an immediate and tangible threat, it is essential to assess whether the vulnerable functions can be executed during application runtime – a research problem commonly known as function reachability. In this article, we introduce DroidReach++, a novel static analysis approach for evaluating the reachability of native function calls in Android applications. Our framework overcomes the limitations of existing state-of-the-art methods by combining heuristics with symbolic execution, enabling a more precise reconstruction of Inter-procedural Control-Flow Graphs (ICFGs). When applied to the top 500 applications from the Google Play Store, DroidReach++ identifies a significantly higher number of execution paths compared to previous techniques. Finally, two case studies demonstrate how DroidReach++ serves as an effective tool for vulnerability assessment.
Borzacchiello, Luca; Cornacchia, Matteo; Maiorca, Davide; Giacinto, Giorgio; Coppa, Emilio. (2025). DroidReach++: Exploring the reachability of native code in android applications. COMPUTERS & SECURITY, (ISSN: 0167-4048), 159: 1-19. Doi: 10.1016/j.cose.2025.104657.
DroidReach++: Exploring the reachability of native code in android applications
Coppa, Emilio
2025
| File | Size | Format | |
|---|---|---|---|
| 1-s2.0-S0167404825003463-main.pdf (Open Access; Type: Publisher's version; License: Creative Commons) | 2.69 MB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.



