Research On Privacy Leakage Analysis And Data Protection Technology Of Android Application

In recent years,mobile phones are developing rapidly around the world.Due to the characteristics of the open source,the Android platform is more vulnerable to the attacker's attention,leading to the leakage of sensitive information.At the same time,the application developers have not regulated the programing habits lead to the leakage of necessary protection measures for sensitive data.On the Android platform,social applications involve a wide range of privacy data,and have a large number of User Generated Content(UGC).The risk of privacy leakage is particularly prominent.Although the Android platform itself provides some security measures,such as permission mechanism,sandbox isolation mechanism and access control mechanism,and there are many researches and implementations for privacy analysis and sensitive data protections.However,existing methods are not applicable to the protection of the UGC on the Android application,so there is still a lack of protection for UGC.According to the present situation of privacy issues seriously on Android platform,this paper focus on the UGC on the Android platform as the research object.The design and implementation of a UGC protection scheme without repackaging applications is proposed,and the scheme strengthens the protection of the weak parts in the life cycle of UGC,to achieve the security of UGC and prevent the disclosure of user sensitive information.The main contributions of this paper are as follows:1.In this paper,we first review the definition and classification of privacy data on Android platform,clarify the goal of the research,and classify and generalize the researches of privacy leakage analysis and sensitive data protections home and abroad.We collect the concepts of privacy in these papers,and put forward a reasonable classification for schemes according to the sources and leakage modes of privacy data.2.Describe the definition of UGC on Android platform in detail,and introduce the life cycle of UGC,from the data generation to destruction.Analyze the threats of the whole process of UGC's life cycle.Finally,focus on the analysis of the fragility of the file storage stage,which faces serious threats to the life cycle,and the network transmission stage,which is facing the uncertain threat.3.Through the analysis of the life cycle of UGC in social applications and the related security threats,this paper designed a security enhancement scheme named UGC-Guard,applied for the applications by calling the APIs provided by the Android system in the data generation stage,such as the common social application WeChat.This paper solves the sensitive data leakage problem of social applications through the security enhancement scheme implemented in the framework layer,which effectively remedy the deficiency of the security mechanism currently implemented in the application layer.UGC-Guard can provide real-time security enhancement to avoid the high-risk vulnerability,which is a low-to-high transition point in the risk levels during the life cycle of UGC,without modification of the original applications.Besides,it has advantages such as high efficiency,simple operation and good user experience.