
Android Privacy Protection Technique Based On Application Behavior Detection

Posted on: 2020-10-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Y Meng
GTID: 1368330575966589
Subject: Information security
Abstract/Summary:
In recent years, with the growing popularity of Android devices, a large number of applications (or apps for short) have come to provide various services to Android users. However, users' privacy faces serious threats while they enjoy the convenience these apps bring. Specifically, some illegitimate apps steal users' private information, e.g., sensor data, device or system information, and historical records, without their authorization. Privacy leakage may disrupt users' normal lives and, at worst, endanger their personal and property safety. Therefore, the privacy-preserving mechanism is one of the most important methods of ensuring the privacy security of Android users. In particular, it can be used to identify privacy leakage and apply the corresponding protective measures in real time.

The native Android operating system provides an effective permission mechanism for users. More flexible privacy-preserving schemes have been proposed subsequently, in which additional factors, e.g., environmental information, are considered in permission management. Nevertheless, the granularity of the proposed privacy-preserving schemes is not fine enough to precisely distinguish data usage behaviors with different semantics in Android apps. As a result, existing privacy-preserving rules may impair the functionality of target Android apps. To address this problem, this dissertation focuses on app behavior detection and privacy-preserving techniques, and carries out the following three pieces of research work:

1. We propose a technique to recover contextual information about Android app behaviors from API-level audit logs, and then design and implement the corresponding prototype system. The system gathers runtime logs about a target app from the Android middleware and then, on the PC, extracts the path that matches the logs from the app's control-flow graph (CFG). The path carries valuable contextual information that helps analysts identify malicious behavior in the target app. The challenge in implementing this system is the high computational complexity of log matching: the coupling between successive logs produces a large number of candidate matches. This dissertation introduces a divide-and-conquer strategy that positions each CFG node matched with the logs individually. Experimental results on real-world apps validate the effectiveness of this system. The recovered information can also help to improve the data-flow detectability of existing static data-flow detection tools. Meanwhile, the logging module incurs negligible performance overhead on Android devices.

2. We propose a context-based behavior detection technique for identifying malicious usage of sensitive data in Android apps, and then design and implement the corresponding prototype system. The challenge in implementing this system is how to identify malicious behaviors within Android apps without ground truth. The key observation in this dissertation is that most market apps belonging to the same category usually have the same or similar core functionalities, and these functionalities should exhibit the same or similar behaviors when using the same type of sensitive data. Based on this observation, the system adopts the idea of outlier detection to identify data usage behaviors that differ from the behaviors of apps in the same category. We then design a behavioral recommendation strategy based on the outlier degree to help analysts select the malicious behaviors within the target app. The advantage of this system is that it achieves automated behavioral identification without labeled behavioral datasets. Experimental results demonstrate the effectiveness of this system in identifying malicious data usage behaviors within various Android apps.

3. We propose a fine-grained Android privacy-preserving scheme for data transmission behaviors, and then design and implement the corresponding prototype system. This technique refines existing privacy-preserving schemes and treats data-flow paths as the essential objects of the privacy-preserving process. The system defines nonintervention rules to solve the above-mentioned problem in existing privacy-preserving schemes. It locates target payloads by analyzing the intersections of data-flow paths in the target app, so that data leakage behaviors are intercepted while other legitimate functionality is unaffected. To spare users the burden of replacing the Android system on their devices, the system uses code instrumentation to block malicious data-flow transmissions at runtime. Experimental results show that the system protects users' privacy while preserving the functionality of target apps. Moreover, it introduces little runtime overhead for the apps.
Keywords/Search Tags:Android apps, Static analysis, Contextual recovery, Behavioral feature analysis, Privacy-preserving technique