Attention to privacy leaks in Android applications is increasing as the Android system's market share continues to grow. To prevent the spread of malicious programs that leak private information, this paper studies static detection of privacy leaks and proposes a static source code detection technique based on the defect mode.

This thesis first summarizes the possible ways privacy can leak and analyzes their code features. It then establishes a specific detection model according to the classification of privacy information. We treat reads of different types of private information as different defects, define the corresponding state machine model, and design the corresponding detection algorithm and function summary generation algorithm for each type of private information. Android applications are written in Java, and because of the particular nature of field variables in Java, this thesis proposes the concept of a field variable summary and integrates it with the function summary. After this work is complete, the system detects privacy leaks on the control flow graph using the state machine model designed. While iterating over the control flow graph, the system tracks the transitions of the state machine. When a state machine instance enters the "ERROR" state, there is an information leak in the application, and the program reports an error.

Finally, we use over 100 open source projects to verify the effectiveness of the program and analyze the test results. Our system has strong practical significance: if it were used to check every application before it is added to an application market, the spread of malicious programs that leak private information could be cut off at the source.
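The following sketch is an added example, not code from the thesis: it shows the general idea of tracking state machine instances while iterating over a control flow graph and reporting when one reaches ERROR. The state names START and PRIVATE, the source and sink API lists, the statement encoding and the CFG itself are assumptions constructed for illustration; function and field variable summaries are left out.

```python
# Added illustration; state names other than ERROR, API lists and CFG are assumptions.
from collections import deque

SOURCES = {"TelephonyManager.getDeviceId", "LocationManager.getLastKnownLocation"}
SINKS = {"SmsManager.sendTextMessage", "OutputStream.write"}

# Constructed CFG: node -> (statement, successors). Statement forms:
# ("call", dst, api, args), ("assign", dst, src), ("nop",)
LEAKY_CFG = {
    0: (("call", "id", "TelephonyManager.getDeviceId", []), [1]),
    1: (("nop",), [2, 3]),                        # branch
    2: (("assign", "msg", "id"), [4]),            # private value copied on one path
    3: (("assign", "msg", "greeting"), [4]),      # harmless value on the other path
    4: (("call", None, "SmsManager.sendTextMessage", ["msg"]), []),
}

def transfer(stmt, facts):
    """facts: set of (variable, source_api), one PRIVATE-state instance per pair."""
    errors = set()
    if stmt[0] == "assign":
        _, dst, src = stmt
        copied = {(dst, origin) for var, origin in facts if var == src}
        facts = {(v, o) for v, o in facts if v != dst} | copied
    elif stmt[0] == "call":
        _, dst, api, args = stmt
        if api in SINKS:                          # PRIVATE -> ERROR
            errors = {(origin, api) for var, origin in facts if var in args}
        if dst is not None:                       # return value overwrites dst
            facts = {(v, o) for v, o in facts if v != dst}
            if api in SOURCES:                    # START -> PRIVATE
                facts.add((dst, api))
    return frozenset(facts), errors

def detect(cfg, entry=0):
    """Worklist iteration over the CFG; returns sorted (node, source, sink) reports."""
    in_facts, seen = {n: frozenset() for n in cfg}, set()
    reports, work = set(), deque([entry])
    while work:
        node = work.popleft()
        seen.add(node)
        stmt, succs = cfg[node]
        out, errors = transfer(stmt, in_facts[node])
        reports |= {(node, src, sink) for src, sink in errors}
        for s in succs:
            merged = in_facts[s] | out            # join: union over incoming paths
            if s not in seen or merged != in_facts[s]:
                in_facts[s] = merged
                work.append(s)
    return sorted(reports)
```

Calling `detect(LEAKY_CFG)` reports the send at node 4 because the device identifier reaches it along the path through node 2, even though the path through node 3 is clean.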