| With exponential growth of smart-phone applications,there are billions of people who are using smart-phones all over the world.Android has the majority worldwide market share with more than 36%.At the same time,Android applications are facing security threats because they contain much personal information.Data leakage is one of the most serious problems,while Android's permission control mechanism has been proved ineffective to protect personal privacy from malicious applications.This paper proposes an approach of detecting privacy leakage in Android applications.It depends on a static taint analysis with existent Source and Sink lists.At first,it extracts from the application sensitive sinks that send personal information like IMIE,SMS and LOGs.Secondly,it finds the sources in the application expressed by Jimple representation.Then,three cases are analyzed to find if there are any potential leaks.If sensitive data and the sink points are in the same method,it's the first case.The second case is used when sensitive data are passed as parameters of method calls.The third case is checked when the application calls another method including sink.A prototype system is implemented on top of Soot and experimental results on DroidBench demonstrated the effectiveness of the approach. |
PDF Full Text Request