DroidReach++: Exploring the reachability of native code in Android applications
Cornacchia M.; Maiorca D.; Giacinto G.
2025-01-01
Abstract
Modern Android applications often incorporate numerous native C/C++ libraries to efficiently handle CPU-intensive tasks or interact at a low level with specific hardware, such as performing specialized GPU rendering. Recent research on Android security has revealed that these libraries are frequently adopted by third-party developers and may pose security risks if not regularly updated, as publicly disclosed vulnerabilities in outdated libraries can be exploited by malicious actors. To determine whether these known vulnerabilities represent an immediate and tangible threat, it is essential to assess whether the vulnerable functions can be executed during application runtime – a research problem commonly known as function reachability. In this article, we introduce DROIDREACH++, a novel static analysis approach for evaluating the reachability of native function calls in Android applications. Our framework overcomes the limitations of existing state-of-the-art methods by combining heuristics with symbolic execution, enabling a more precise reconstruction of Inter-procedural Control-Flow Graphs (ICFGs). When applied to the top 500 applications from the Google Play Store, DROIDREACH++ identifies a significantly higher number of execution paths compared to previous techniques. Finally, two case studies demonstrate how DROIDREACH++ serves as an effective tool for vulnerability assessment.

| File | Access | Type | Size | Format |
|---|---|---|---|---|
| 1-s2.0-S0167404825003463-main.pdf | open access | publisher's version (VoR) | 2.69 MB | Adobe PDF |

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


