
Research on Using Static Analysis to Test Android Applications for Information Disclosure

Posted on: 2013-11-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Peng
GTID: 2248330395950371
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of Internet technology and mobile devices, the next-generation computing platform has gradually shifted from traditional desktops to mobile phones. Android OS, designed by Google, is favored by the majority of users and mobile phone manufacturers for its openness. Android applications are distributed through application markets, which let developers deliver their products quickly and conveniently to a large number of potential users. With the help of application markets, the Android platform now has a substantial number of applications.

Compared with traditional computing platforms, mobile platforms hold a large amount of private information, and mobile applications can easily access it through the Android API. However, application markets have no validation process to detect possible information leak behavior across this large number of applications. This dissertation presents the "LeakMiner" method to solve this problem. LeakMiner uses static information flow analysis to identify the sensitive data in an application, tracks the propagation of that data at the bytecode level, and reports possible data leak points. To scale to the great number of applications in markets, this dissertation also designs several optimizations to accelerate the detection process.

In an evaluation on 200 randomly selected applications, LeakMiner successfully analyzes 177 applications and finds that 23 applications leak users' sensitive data. LeakMiner takes 4.3 minutes on average to analyze each application. This result shows that LeakMiner is efficient and effective at detecting information-breaching behavior in the marketplace.

The experiment also found that sensitive data is sometimes leaked into the Android logging system. Because of the vulnerability of the Android logging system, this finding reveals a potential security violation in Android applications. To solve this problem and enhance the security mechanism of Android, this dissertation introduces a per-app logging system to isolate the logs of different applications.
Keywords/Search Tags: Android, Information Leak, Application Market, Static Information Flow Analysis