Privacy Leaks Detection In Android Applications Based On Data Flow Analysis

With the development of technology,smart phones bring gigantic convenience to human.According to the statistics,smartphone with android system has powered 81%of smartphone market share.The huge quantities of android smartphones make android system becoming the target for attacker to steal private data of users.Therefore,the problem of revealing users' privacy has become an important issue,which is caused by smartphones.Two causes lead in users' privacy leaks:one is the carelessness of developer;another is the deliberate behavior of malware developed by attacker.For profit,some developers use non-malware developed by ad-bank,which also will reveal users' privacy.Researchers make use of the main threatening characteristic of malware against mechanism of private protection,revealing sensitive information,such as location,contacts,picture,message,and etc.to recognize malware.So,the privacy leaks in android application as an important characteristic of malware,caused the attention of the academia.Although data-flow analysis in android platform is different form that in PC,through researchers' efforts problems such as Activity lifecycle,callback method and inter-component communication have been solved.When studying on privacy leaks on android platform based on data-flow analysis,we figure out due to the various fragments appear,the dynamic binding Fragments in callback methods and Activity's lifecycle occupied very big one part,nevertheless,when perform data flow analysis,the fragments' lifecycle has an important influence on data flow analysis results.Therefore,lack of analysis of this part of the fragments will lead to a significant portion of the privacy will be lost.In another respect,attackers may use Fragment to hide its malicious activity,so that it can escape detecting by malware detecting tools.Therefore,if ignoring Fragments' lifecycle,which bind to Activity dynamically,the privacy leaks caused by Fragment can not be detected,which is not noticed on present research in solving privacy-revealing on android platform.Therefore,through experiment,it is proved when perfoming data-flow analysis,analyzing Fragment which is dynamically binded in application has great influence on detecting result.We Implemented the Privacy leaks detection tool,named FragHarden,which based on FlowDroid that is the static data-flow analysis tool accepted by academia,that make analysis result more comprehensive.We through a large amount of test set experiment proved that the dynamic and static registration of fragments of privacy leak test results,the influence of different level to verify the effectiveness of the FragHarden.Finally,we evaluated the performance of FragHarden,the result shows the average performance is 16.7%.