Research On Security Of Android Applications

Android, as one of the most popular operating system for mobile devices, iscurrently developed by Google in conjunction with the Open Handset Alliance. Asthe more and more Android applications are sold and shared on the Android Market,the malicious applications also take that advantage and harm the Android users andtheir mobile devices.The purpose of this paper is to find an efficient and accurate way to analyze thesecurity of Android applications and develop analysis tools to implement it. Theresearch of the Android security architecture, security model and vulnerabilitydiscovery technique helps to achieve the goal.In this paper, popular Android security technologies are well studied and thenthree security analysis methods are proposed:1) Android applications permissionoverprivilege analysis method. According to the permission relation, the method candetect permission overprivilege happens in the application while using protected API,Content Providers and Intents.2) Android IPC security analysis method. Static anddynamic analysis techniques are used to verify the application IPC security.3)Control flow and data flow analysis methods on Android application. These methodsprovide more accurate data for the permission overprivilege analysis and IPCsecurity analysis. The control flow graphs of applications are built iteratively,analysis is specified based on Android and IDA pro is leveraged to cover the nativecode. These three ways are improved the accuracy of the data flow analysis.Based on these three methods, an information collector is developed to get theversion-sensitive data for security analysis; static analysis tools are implemented thesecurity analysis methods for permission overprivilege and IPC security. The tools’specific requirements and design model are also discussed in this paper.The analysis tools are applied to several test cases and applications in the Android Market, and the results showed the methods proposed in this paper andanalysis tools implemented are good for supporting the security analysis of Androidapplications. The analysis tools are optimized for the Android applications, so theoutcomes are more accurate than the others.