| As the perfection of functionality and user experience of smart phone,smart phone is being used by more and more people. Most of the smartphones carry Android as the default system. However as Android is onlycreated recently, the permission system on Android is not perfect. Thephenomenon of capability leakage often happens.Android capability leakage refers to the phenomenon that thepermission of an application is illegally stolen by an application without it.An android application has four components: activity, service, contentprovider and broadcast. Android platform has intent mechanism: oneapplication may call the component of another application to achieve somekind of functionality. One illegal intent call may lead to capability leakage.There are two requirements of capability leakage: the called componentsshould contain some permissions, those permissions contained are notverified during intent calling process.This research develops a static analysis method to analyze Androidcapability leakage. Based on our method, entry of an application is firstanalysed. Control flow graph and data flow graph of each entry are created.Alias is used to make the control flow graph more accurate. Capability istransformed into some rules in xml. These rules are used to search thecontrol flow graph to get the capability of each component of application.The configuration file is analysed to see if the capability of eachcomponent is verified when being called. Through the comparation ofpermission one component contains and the permission one componentverifies, a report of which capability is leaked can be got. Based on the method above, an automatic testing tool of capabilityleakage on Android applications is developed using java language. Thensome experiments are carried out. The experiment of success rate andmissing rate of capability leakage detection shows that the success rate is80%and the missing rate is20%. We grab6697Android applications andperformed analysis on them in volume and find out about1.62%ofapplications has capability leakage. The efficiency of the analysis methodis also tested, most of the application can be analysed in40seconds andthat is acceptable. |
PDF Full Text Request