PrivDroid: Android Security Code Smells Tool for Privilege Escalation Prevention.

Privilege Escalation (PE) attacks are common security issues in Android ecosystem. They typically involve the exploitation of vulnerabilities to gain unauthorized access to sensitive data. Preventing their related vulnerabilities is complex and hard to be understood and mitigated by developers. In a previous research, we performed an empirical study to investigate the effectiveness of existing IDE plugins in detecting known Android related vulnerabilities. We found that most of PE vulnerabilities are not covered by these IDE plugins. In order to assist developers to evade these issues, we present in this paper PrivDroid, an up to date and available IDE plugin for secure Android development. The tool combines static analysis techniques on the Android project source files to identify security code smells related to PE. Finally, PrivDroid is tested against more than 200 real Android applications and demonstrates that it gives additional capabilities to prevent Privilege Escalation related vulnerabilities.