System and method for detecting sensitive user input leakages in software applications

US2016132679A1 · US · A1

Patent metadata

Publication number: US-2016132679-A1
Application number: US-201514939366-A
Country: US
Kind code: A1
Filing date: Nov 12, 2015
Priority date: Nov 12, 2014
Publication date: May 12, 2016
Grant date: not listed

Abstract

Official abstract text for this publication.

A system and method for detecting sensitive user input leakages in software applications, such as applications created for smartphone platforms. The system and method are configured to parse user interface layout files of the software application to identify input fields and obtain information concerning the input fields. Input fields that contain sensitive information are identified and a list of sensitive input fields, such as contextual IDs, is generated. The sensitive information fields are identified by reviewing the attributes, hints and/or text labels of the user interface layout file. A taint analysis is performed using the list of sensitive input fields and a sink dataset in order to detect information leaks in the sensitive input fields.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for detecting sensitive user input leakages in a software application comprising the steps of: parsing a user interface (UI) layout file of the software application to identify input fields; obtaining information concerning the input fields from the UI layout file; identifying input fields that include sensitive information and generating a list of sensitive input fields; performing a taint analysis based on the list of sensitive input fields; detecting information leaks in the sensitive input fields; and notifying a user of information leaks in the sensitive input fields to avoid use of the software application by the user.
2. The method as recited in claim 1, wherein the parsing of a UI layout file further comprises the step of rendering a UI of the UI layout file.
3. The method as recited in claim 2, wherein the UI is rendered in a manner that simulates the UI when it is dynamically rendered by the user during operation of the software application.
4. The method as recited in claim 1, wherein the information concerning the input fields that is obtained comprises at least one of: attributes, hints, text labels and absolute coordinates of graphical user interface elements.
5. The method as recited in claim 4, wherein the absolute coordinates of graphical user interface elements are computed based upon known absolute coordinates of a parent container and relative coordinates of the graphical user interface elements.
6. The method as recited in claim 1, wherein the step of identifying input fields that contain sensitive information comprises the steps of: analyzing the attributes of the input fields; reviewing hints associated with the input fields and comparing the hints with a sensitive keyword database; and analyzing text labels for an input field and comparing the text labels with the sensitive keyword database.
7. The method as recited in claim 6, wherein the sensitive keyword database is generated by performing the steps of: crawling text in resource files from a plurality of software applications to obtain a list of text; utilizing natural language processing to analyze a grammar structure of the text in the list and generating a narrowed list by excluding certain words from the list based on the grammar structure; and identifying sensitive keywords in the narrowed list.
8. The method as recited in claim 6, wherein the text labels are determined to be related to a specific input field by determining the distance between each of the text labels and the specific input field and the relative positions of each of the text labels and the specific input field.
9. The method as recited in claim 1, wherein the step of performing a taint analysis further comprises the step of identifying widget variables for sensitive input fields.
10. The method as recited in claim 9, further comprising the step of associating the widget variables with corresponding UI layouts in order to avoid duplicate widgets.
11. The method as recited in claim 1, wherein a pre-defined sink dataset is utilized to identify sink locations in the software application in order to detect information leaks.
12. A system for detecting sensitive user input leakages in a software application comprising, a processor, memory and an interface, wherein said memory is configured to store: a layout parsing module which parses a user interface (UI) layout file of the software application to identify input fields and obtain information concerning the input fields from the UI layout file; an identification module which identifies input fields that contain sensitive information and generates a list of sensitive input fields; and a taint analysis module which detects information leaks in the sensitive input fields based on the list of sensitive input fields and notifies a user of information leaks in the sensitive input fields to avoid use of the software application by the user.
13. The system of claim 12, wherein the layout parsing module renders a UI of the UI layout file in a manner that simulates the UI when it is dynamically rendered by the user during operation of the software application.
14. The system of claim 12, wherein the layout parsing module obtains information concerning the input fields from the UI layout file comprising at least one of: attributes, hints, text labels and absolute coordinates of graphical user interface elements.
15. The system of claim 13, wherein the layout parsing module determines absolute coordinates of graphical user interface elements based upon known absolute coordinates of a parent container and relative coordinates of the graphical user interface elements.
16. The system as recited in claim 12, wherein the identification module identifies input fields that contain sensitive information by: analyzing the attributes of the input fields; reviewing hints associated with the input fields and comparing the hints with a sensitive keyword database; and analyzing text labels for an input field and comparing the text labels with the sensitive keyword database.
17. The system as recited in claim 16, wherein the identification module determines that text labels are related to a specific input field by determining the distance between each of the text labels and the specific input field and the relative positions of each of the text labels and the specific input field.
18. The system as recited in claim 12, wherein the taint analysis module identifies widget variables for sensitive input fields.
19. The system as recited in claim 18, wherein the taint analysis module associates the widget variables with corresponding UI layouts in order to avoid duplicate widgets.
20. The system as recited in claim 12, wherein the taint analysis module identifies sink locations in the software application based upon a sink database in order to detect information leaks.
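The claims describe the front half of the pipeline, before taint analysis: parse the layout file, compute each widget's absolute position from its parent container plus its relative offset (claims 5 and 15), then mark an input field as sensitive when its attributes, its hint, or the nearest label to its left or above it (claims 6, 8, 16 and 17) match a sensitive keyword database. The script below is an added illustration of that identification step, not code from the patent or from its assignee. It assumes a simplified layout dialect in which every element carries `x`/`y`/`w`/`h` attributes relative to its parent (standing in for the coordinates the patent obtains by rendering the layout), a hand-written keyword list in place of the crawled database of claim 7, and a constructed sample layout; the output is the list of sensitive input fields that a taint analysis would then take as sources.

```python
"""Identify sensitive input fields in a UI layout file (constructed example).

The layout dialect (x/y/w/h relative to the parent), the keyword list and the
sample layout are all assumptions made for this illustration.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed stand-in for the sensitive keyword database of claim 7.
SENSITIVE_KEYWORDS = {
    "password", "passcode", "pin", "credit card", "card number",
    "cvv", "ssn", "social security",
}

# Constructed sample layout. Coordinates are relative to the enclosing container.
SAMPLE_LAYOUT = """<LinearLayout x="0" y="0" w="400" h="600">
  <TextView id="lbl_user" text="Username" x="20" y="20" w="120" h="30"/>
  <EditText id="edt_user" x="150" y="20" w="200" h="30"/>
  <LinearLayout x="0" y="80" w="400" h="200">
    <TextView id="lbl_card" text="Card number" x="20" y="0" w="120" h="30"/>
    <EditText id="edt_card" x="20" y="40" w="300" h="30" inputType="number"/>
    <EditText id="edt_cvv" hint="CVV" x="20" y="90" w="100" h="30" inputType="number"/>
  </LinearLayout>
  <EditText id="edt_pw" x="20" y="320" w="300" h="30" inputType="textPassword"/>
  <TextView id="lbl_note" text="Optional note" x="20" y="400" w="120" h="30"/>
  <EditText id="edt_note" x="20" y="440" w="300" h="30"/>
</LinearLayout>"""


@dataclass
class Widget:
    wid: str
    kind: str
    x: int        # absolute box, computed from parent + relative offset
    y: int
    w: int
    h: int
    text: str = ""
    hint: str = ""
    input_type: str = ""


def walk(elem, px=0, py=0, out=None):
    """Collect leaf widgets with absolute coordinates (parent absolute + own relative)."""
    if out is None:
        out = []
    ax = px + int(elem.get("x", 0))
    ay = py + int(elem.get("y", 0))
    if elem.tag in ("EditText", "TextView"):
        out.append(Widget(elem.get("id", ""), elem.tag, ax, ay,
                          int(elem.get("w", 0)), int(elem.get("h", 0)),
                          elem.get("text", ""), elem.get("hint", ""),
                          elem.get("inputType", "")))
    for child in elem:
        walk(child, ax, ay, out)
    return out


def absolute_boxes(layout_xml):
    """Map widget id -> (x, y, w, h) in absolute coordinates."""
    return {w.wid: (w.x, w.y, w.w, w.h) for w in walk(ET.fromstring(layout_xml))}


def matches_keyword(s):
    s = s.lower()
    return any(k in s for k in SENSITIVE_KEYWORDS)


def nearest_label(field, labels, max_gap=60):
    """Pick the closest label that sits directly left of or above the field."""
    best, best_gap = None, None
    for lbl in labels:
        v_overlap = lbl.y < field.y + field.h and field.y < lbl.y + lbl.h
        h_overlap = lbl.x < field.x + field.w and field.x < lbl.x + lbl.w
        if lbl.x + lbl.w <= field.x and v_overlap:      # label to the left
            gap = field.x - (lbl.x + lbl.w)
        elif lbl.y + lbl.h <= field.y and h_overlap:    # label above
            gap = field.y - (lbl.y + lbl.h)
        else:
            continue
        if gap <= max_gap and (best_gap is None or gap < best_gap):
            best, best_gap = lbl, gap
    return best


def find_sensitive_fields(layout_xml):
    """Return {input field id: reason} for fields judged sensitive."""
    widgets = walk(ET.fromstring(layout_xml))
    labels = [w for w in widgets if w.kind == "TextView"]
    result = {}
    for f in (w for w in widgets if w.kind == "EditText"):
        if "password" in f.input_type.lower():          # attribute check
            result[f.wid] = "attribute:inputType"
        elif matches_keyword(f.hint):                    # hint check
            result[f.wid] = "hint"
        else:                                            # associated label check
            lbl = nearest_label(f, labels)
            if lbl is not None and matches_keyword(lbl.text):
                result[f.wid] = f"label:{lbl.wid}"
    return result


if __name__ == "__main__":
    for wid, reason in find_sensitive_fields(SAMPLE_LAYOUT).items():
        print(f"{wid}: sensitive ({reason})")
```

On the sample layout, `edt_pw` is flagged by its `inputType`, `edt_cvv` by its hint, and `edt_card` by the "Card number" label above it, while `edt_user` and `edt_note` are left alone even though labels sit near them. The `max_gap` threshold and the left/above rule are where false associations are controlled: a label that is nearby but belongs to a different container still gets resolved correctly because positions are compared in absolute, not parent-relative, coordinates.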

Assignees

Nec Lab America Inc

Inventors

Classifications

  • Assessing vulnerabilities and evaluating computer system security · CPC title

  • Protecting personal data, e.g. for financial or medical purposes · CPC title

  • G06F21/552 · Primary · involving long-term monitoring or reporting · CPC title

  • Physics · mapped topic

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Nec Lab America Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/6245. Mapped technology areas include Physics.
When was this patent published?
Publication date May 12, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).