Research On Privacy Disclosure Detection Technology For Android Applications

With the coming of era of mobile Internet,smart phones as the device for access to the mobile Internet have been widely used around the world and change people's habits and ways of life.In the current mobile operating system,Android system has become the most used mobile operating system for its open source nature and high performance-price ratio.Because of this,a large number of feature-rich third party applications appear,however,there exist many applications with malicious behavior,these applications will breach privacy information of the user by exploiting the vulnerabilities of the Android system security mechanism in cases where the user is unaware or unconcerned,thus causing the disclosure of the user's privacy information.Therefore,it becomes an urgent research problem that how to detect Android malicious applications that breach privacy information.In order to effectively detect and prevent malicious applications from breaching privacy information in real time,we design a privacy protection scheme for the Android system and implement a protection system based on this scheme.The system mainly uses Hook technology to realize protect user's privacy information by monitoring the behavior of obtaining privacy information in real time and intercepting the behavior of malicious applications without modifying the Android system and applications.This system consists of three modules and the main contents of each module are as follows:1)Application Classification Module.This module trains applications' permission information sets through machine learning algorithm and then constructs a classification model.When a third party application is installed on a mobile phone,the application is classified as normal or malicious application through this model,the result will affects the execution flow of the Privacy Information Management Module and Collusion Attack Management Module,and then the module will tell user the result through a friendly hint interface to help users understand the harmfulness of the application.2)Privacy Information Management Module.This module uses Hook technology to add discrimination and interception operations before all the interfaces that provide privacy information: According to the result of the application classification module,when these interfaces are invoked by malicious applications,we use fake value generated randomly or empty value as the return value of the function interface to realize intercept the malicious application to obtain privacy information;when these interfaces are invoked by normal applications,we use original value as the return value of the function interface to don't affect their normal functions.3)Collusion Attack Management Module.This module uses Hook technology and custom permission rules to add discrimination and interception operations before all the interfaces that provide communication channel: According to the result of the application classification module,when applications categorized as normal call these interfaces for inter-application communication,we extract the permission information of the two parties and use permission rules to judge the two parties based on these permission information,if the two parties meet the permission rules,we use empty value as received data of the communication receiver to realize intercept the malicious application to transmit privacy information,if not,we use original value as the return value of the interface to don't affect their normal functions.To verify the effectiveness of our scheme and system,we collect 688 malicious applications and 594 normal applications as test samples and then do experiments.In our experiments,we prove our system can effectively distinguish between malicious and normal applications,and prevent malicious applications from obtaining privacy information.In addition,we collect 241 pairs of applications that can cause collusion attack and then do experiments.Experiments show that our system can detect collusion attack accurately under the condition of reducing false positive rate and implement a more comprehensive protection of user's privacy information stored in the Android system by intercepting communication content.