| Due to the defects of the Android system itself,the problem of privacy leakage is constantly caused.At the same time,the existing detection technology of privacy leakage can not detect the malicious software that imitates the behavior of the normal software,and has the deficiencies of incomplete detection,low accuracy and high false positive rate.In order to detect privacy leakage in Android more completely and accurately,this paper proposes a context-based privacy leakage detection method in Android,after in-depth analysis of security status of the Android system and the advantages and disadvantages of the existing privacy leakage detection methods.This method uses the context information associated with a specific software behavior in Android applications to assist the process of static taint analysis.While improving the detection accuracy,this method can reduce the code range of static taint analysis thereby improving the detection efficiency.The main work of this paper is as follows:(1)Combined with the characteristics of the Android system and privacy leakage behaviors,this paper proposes the concept of context to summarize the specific software behavior in Android applications accurately.In this paper,the sequence of precursor and subsequent execution methods,the authority required for the method,the user intention,the execution process variables and other related information will be refined to a context for the taint path analysis during static taint analysis,in order to improve the accuracy of privacy leakage detection in Android applications.(2)Proposing a context-based privacy leakage detection method in Android.According to the definition of context,this method extracts the corresponding context information and constructs the control flow derived graph based on the decompiled result,then corrects and filtrates the control flow derived graph through the context information filtering,so that it can deal with the reflection mechanism of the Android system and interaction process between components,as well as judge the user intention behavior.Finally,with the help of the static taint analysis technology,the taint path analysis is carried out through the corrected control flow derived graph and other context information to complete the detection of the privacy leakage behavior.(3)Based on this method,this paper designs and implements ContextFinder,a detecting system of privacy leakage in Android.This article selects two test sets,DroidBench and APKs from practical application markets,then tests and evaluates the system,and makes a horizontal comparison with other privacy leakage detection methods.The experimental results show that this method is an effective technique of detecting and analyzing privacy leakage in Android with high accuracy,low misdetection rate and high analysis efficiency. |
PDF Full Text Request