Research On Some Problems Of Privacy Leakage Of Android Application

Posted on: 2018-06-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Z Le
GTID: 1368330542473101
Subject: Information security

Abstract/Summary:
With the rapid development of the mobile Internet, the number of users who go online with Android devices is increasing dramatically. Android has become the most popular smartphone operating system and has the highest market share. Android users can conveniently download their favorite apps (applications) from Android app stores to meet their needs for work, entertainment, learning, etc. However, Android phones and apps not only provide great convenience but also bring many security problems that threaten users' personal information. Among them, privacy leakage is one of the most important security threats faced by Android phone users. The Android privacy leakage problem is becoming more and more serious, and it exists in both malicious and non-malicious apps. Malicious apps often steal users' private information and provide illegal benefits to those who make or distribute them. Non-malicious apps sometimes also violate users' privacy in order to provide specific functions or services. What is worse, the security vulnerabilities that are widespread in the Android system and apps deepen the threat of privacy leakage. Research on Android privacy leakage has become a hot topic in mobile security. This dissertation therefore focuses on the privacy leakage problem of Android apps. The main work and innovations include the following aspects:

(1) Several improvements are made to the existing method of detecting Android app privacy leakage based on static taint analysis. The problem that existing static taint analysis tools cannot effectively analyze Android's dynamic loading and reflection mechanisms is solved. The Android source code is modified so that the system stores, in a timely manner, the loaded dex files and reflective invocation information while an app is running. This information is used to guide static taint analysis of the app, and a policy of replacing reflective method invocations with non-reflective method invocations is proposed. Based on these ideas, a taint analysis tool, DyLoadDroid, is proposed. It improves on the state-of-the-art static taint analysis tool FlowDroid and can perform effective taint analysis for Android's dynamic loading and reflection mechanisms. Sufficient experiments are carried out, and the results show that DyLoadDroid is very effective in handling static taint analysis of dynamic loading and reflection.

(2) A new and effective behavior-oriented GUI exploration tool, OA3E, is proposed. It can be used to trigger the target program behaviors related to privacy leakage in an Android app. Most existing Android GUI exploration tools pursue only high code coverage rather than triggering an app's target behaviors; to solve this problem, a behavior-oriented GUI exploration method based on Activity Filtering and GUI Filtering is proposed. The method is applied in OA3E, which is developed by making several improvements to A3E. OA3E uses API invocations as an approximate representation of program behavior. Using static analysis, it finds the effective activities and GUI elements on the paths that reach the target API invocations. During dynamic exploration, OA3E does not exercise ineffective activities and GUI elements, which saves exploration time and improves the efficiency of triggering target program behaviors. Test results on 100 popular Android apps show that OA3E has a significant advantage in triggering the target program behaviors of an Android app.

(3) The port-opening vulnerability that exists widely in Android apps is proposed and studied, together with the privacy leakage it causes. First, the concept of a port-opening vulnerability is proposed, and the prevalence of port-opening apps in current Android app stores, the purposes of opening network ports, and the attacks that vulnerable apps may suffer are studied. Then a static-analysis-based method for detecting port-opening vulnerabilities in Android apps is proposed and applied in a detection tool, APOVD (Android Port-Opening Vulnerability Detection). APOVD first uses reachability analysis and taint analysis to judge whether an opened port can lead to sensitive behaviors. Static program slicing is then used to judge whether adequate access controls exist on the paths that reach each sensitive behavior. If a path reaches a sensitive behavior and has no adequate access control, APOVD considers the app under test to have a port-opening vulnerability. Test results on 15600 Android apps show that APOVD is effective in detecting port-opening vulnerabilities.

(4) The problem of location privacy leakage of webcasters is studied. Many webcasting mobile apps now have a function for searching for nearby webcasters. When an audience member searches for nearby webcasters, the server returns information about nearby webcasters along with the distance between each webcaster and the audience member. 7 of the top 15 most popular webcasting apps are found to have this function. However, experiments show that all of them have vulnerabilities that leak webcasters' location privacy. This paper analyzes and summarizes the distance calculation methods commonly used by developers, and corresponding localization methods are proposed based on them. To exploit the vulnerability simply and efficiently, three vulnerability exploitation frameworks are proposed, and the validity of the localization methods and exploitation frameworks is verified by experiments. Finally, defensive measures for this vulnerability are proposed.

(5) YY, China's largest webcasting platform, is chosen as the study object, and the problem of leaking any YY user's accurate geographical location and mobile phone number is studied. Taking advantage of a series of security vulnerabilities in YY, the user's accurate geographical location is first obtained with a trilateration localization algorithm. Then, from the user's geographical location, the attribution of his or her mobile phone number can be inferred. Next, a test set of mobile phone numbers is constructed according to the number segments allocated by the three telecommunication operators. Finally, a brute-force method is used to recover the user's mobile phone number. For YY accounts whose mobile phone number cannot be recovered directly, an associated-account search method based on channel matching and geographical location matching is proposed. Experiments demonstrate the great effect of the user's geographical location on recovering the mobile phone number, and the dangers of the vulnerabilities and suggestions for fixing them are given at the end of the paper.
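
The decision rule that item (3) gives for APOVD, modeled here as an added example (it is not code from the dissertation or from the APOVD tool): a sensitive behavior is reported when some call path from the port-handling entry point reaches it without passing an access-control check. The call graph, every class and method name, and the assumption that each listed guard is an adequate control are constructed for illustration; the tool itself works on app code with taint analysis and program slicing.

```python
from collections import deque

# Constructed call graph (caller -> callees); all names are hypothetical.
CALL_GRAPH = {
    "ServerSocket.accept": ["HttpHandler.handle"],
    "HttpHandler.handle": ["Router.getFile", "Router.getContacts", "Router.debugDump"],
    "Router.getFile": ["Auth.checkToken"],
    "Router.getContacts": ["Auth.checkToken"],
    "Auth.checkToken": ["FileStore.read", "ContactsProvider.query"],
    "Router.debugDump": ["FileStore.read"],      # reaches a sink with no check
    "MainActivity.onClick": ["Camera.capture"],  # not reachable from the port
}
ENTRIES = ["ServerSocket.accept"]   # code that runs when the open port gets data
SINKS = ["FileStore.read", "ContactsProvider.query", "Camera.capture"]
GUARDS = {"Auth.checkToken"}        # assumed to be an adequate access control

def find_path(graph, entry, sink, blocked=frozenset()):
    """Shortest call path entry -> sink that avoids `blocked` nodes, or None."""
    parent, queue = {entry: None}, deque([entry])
    while queue:
        node = queue.popleft()
        if node == sink:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for callee in graph.get(node, ()):
            if callee not in parent and callee not in blocked:
                parent[callee] = node
                queue.append(callee)
    return None

def classify(graph, entries, sinks, guards):
    """Map each sink to 'unreachable', 'guarded', or an unguarded witness path."""
    report = {}
    for sink in sinks:
        report[sink] = "unreachable"
        for entry in entries:
            if find_path(graph, entry, sink) is None:
                continue                      # step 1: port cannot reach sink
            witness = find_path(graph, entry, sink, blocked=frozenset(guards))
            if witness:                       # step 2: some path skips every guard
                report[sink] = witness
                break
            report[sink] = "guarded"
    return report

if __name__ == "__main__":
    for sink, verdict in classify(CALL_GRAPH, ENTRIES, SINKS, GUARDS).items():
        print(sink, "->", verdict)
```

`FileStore.read` is reported even though one route to it is checked, because the rule asks whether any path lacks a control, not whether every path does.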
Keywords/Search Tags:Android Application, Privacy Leakage, Security Vulnerability, Malicious Application, Vulnerability Detection