International Journal of Innovative Research in Engineering & Multidisciplinary Physical Sciences
E-ISSN: 2349-7300 | Impact Factor - 9.907

A Widely Indexed Open Access Peer Reviewed Online Scholarly International Journal

Uncovering URL-Based Vulnerabilities in Android Apps via Static Slicing Techniques

Authors: Omkar Wagle, Anand Kumar Singh

DOI: https://doi.org/10.37082/IJIRMPS.v13.i2.232513

Short DOI: https://doi.org/g9mvpw

Country: USA


Abstract: The increasing adoption of the Internet of Things (IoT) has led to a surge in interconnected devices, many of which leverage URLs for data communication between smart devices and servers. However, this reliance on URLs introduces security vulnerabilities, as malicious actors may exploit unprotected URL paths to gain unauthorized access. To mitigate these risks, it is crucial to detect potential vulnerabilities in Android applications during the development stage through static analysis. This paper presents a method for extracting URLs from Android APK files using static analysis, employing the Leakscope tool built on the Soot framework. Leakscope leverages taint analysis to track the flow of data from sources to sinks, identifying potential vulnerabilities that could lead to unauthorized data exposure or system compromise. The analysis process includes backward slicing to trace data flow and forward slicing to reconstruct the URL, thereby enabling developers to examine how user inputs impact URL formation. Experiments were conducted on two Android applications: a single-activity APK developed for this study and the multi-activity Samsung Galaxy Wearable APK. The results demonstrated the efficacy of Leakscope in identifying URL formation in simple applications, while revealing challenges when analyzing complex, multi-activity applications. Additionally, enhancements were made to Leakscope to support various string operations and literal data types. The findings underscore the need to extend Leakscope’s capabilities to handle loops and intents, as their absence limits the accuracy of detecting URL vulnerabilities. Future work will address these limitations to improve static analysis accuracy and reliability in complex Android applications.

Keywords: Leakscope, Soot, Internet of Things, Uniform Resource Locator (URL), static analysis, taint analysis, Android APK, source-to-sink


Paper Id: 232513

Published On: 2025-04-10

Published In: Volume 13, Issue 2, March-April 2025
