International Journal of Innovative Research in Engineering & Multidisciplinary Physical Sciences
E-ISSN: 2349-7300Impact Factor - 9.907

A Widely Indexed Open Access Peer Reviewed Online Scholarly International Journal

Call for Paper Volume 13 Issue 3 May-June 2025 Submit your research for publication
Submit Research Paper Join as a Reviewer

Plagiarism is checked by the leading plagiarism checker TurnItIn

Call for Paper

Volume 13 Issue 3
May-June 2025

Submit Your Research

Indexing
Indexed in Academia Indexed in Index Copernicus Indexed by Google Scholar DOI through Zenodo
E-ISSN 2349-7300
CrossRef

Authors can order CrossRef DOI for their research paper published in our journal IJIRMPS.

DOI prefix of IJIRMPS is
10.37082/IJIRMPS

Downloads
Research Paper Format Agreement of Publication Cover Page Vol 13 Isu 2Cover Page Vol 13 Isu 1Cover Page Vol 12 Isu 5

Uncovering URL-Based Vulnerabilities in Android Apps via Static Slicing Techniques

Authors: Omkar Wagle, Anand Kumar Singh

DOI: https://doi.org/10.37082/IJIRMPS.v13.i2.232513

Short DOI: https://doi.org/g9mvpw

Country: USA

Full-text Research PDF File:   View   |   Download

Abstract: The increasing adoption of the Internet of Things (IoT) has led to a surge in interconnected devices, many of which leverage URLs for data communication between smart devices and servers. However, this reliance on URLs introduces security vulnerabilities, as malicious actors may exploit unprotected URL paths to gain unauthorized access. To mitigate these risks, it is crucial to detect potential vulnerabilities in Android applications during the development stage through static analysis. This paper presents a method for extracting URLs from Android APK files using static analysis, employing the Leakscope tool built on the Soot framework. Leakscope leverages taint analysis to track the flow of data from sources to sinks, identifying potential vulnerabilities that could lead to unauthorized data exposure or system compromise. The analysis process includes backward slicing to trace data flow and forward slicing to reconstruct the URL, thereby enabling developers to examine how user inputs impact URL formation. Experiments were conducted on two Android applications: a single-activity APK developed for this study and the multi-activity Samsung Galaxy Wearable APK. The results demonstrated the efficacy of Leakscope in identifying URL formation in simple applications, while revealing challenges when analyzing complex, multi-activity applications. Additionally, enhancements were made to Leakscope to support various string operations and literal data types. The findings underscore the need to extend Leakscope’s capabilities to handle loops and intents, as their absence limits the accuracy of detecting URL vulnerabilities. Future work will address these limitations to improve static analysis accuracy and reliability in complex Android applications.

Keywords: Leakscope, Soot, Internet of Things, Uniform Resource Locator (URL), static analysis, taint analysis, Android APK, source-to-sink

Paper Id: 232513

Published On: 2025-04-10

Published In: Volume 13, Issue 2, March-April 2025

Share this


Open Access CC-BY-SA All research papers published in this journal/on this website are openly accessible and licensed under Creative Commons Attribution-ShareAlike 4.0 International License; accordingly, any user can read, download, copy, distribute, print, search, or link to the full texts of the authors/researchers submitted and published articles, crawl them for indexing, pass them as data to any software, or use them for any other lawful purpose. The journal is fulfilling the DOAJ's definition of open access.
About IJIRMPS
Indexing & Archiving
Publication Ethics
Peer Review & Plagiarism 		Website/Journal Policies
Usage Policy
Content Policies
Privacy Policy 		Contact Us

+91-9687-828-838
editor@ijirmps.org