An Approach for the Identification of Information Leakage in Automotive Infotainment systems

This thesis presents an automated static analysis approach and tool, Android Automotive Vulnerability Droid (AAVD), that can report sensitive data flows related to app-to-app communication commonly known as Inter-Component Communication (ICC) in Android Automotive apps. It can report ICC paths that exist between multiple Android Automotive apps and provide mitigation tips to resolve those insecure ICC paths. AAVD accurately identifies insecure ICC paths and provide improved performance as compared with the state of the art tools FlowDroid and AmanDroid. Our tool decompiles the Android Package Kit (APK) files to obtain the Java source code and perform analysis on the source code, it then reports the line number in the source code containing sensitive data flows. We tested our tool on 234 Android Auto apps downloaded manually from Google play store. We show improvements in terms of performance and detection of sensitive dataleaks in Android Automotive apps. In our experiments, our tool was able to analyse 224 apps, it found 148 apps as malicious and successfully identified 1462 ICC paths in 207 app pairs.