| With the development of technology and the improvement of life, smartphonehas replaced traditional mobile phone to become a commodity of people’s routine life.When smartphones provide a lot of convenience to users, it also brings amount ofprivacy leak risks of users’ personal information. Android which has the largestmarket share of mobile operating system, is concerned by the international society andacademia about its privacy data protection. Under this background, this thesisproposes a new method to detect the privacy leakages in Android applications byanalyzing the structure of Android program and researching the technique ofinter-process program analysis methods. An appropriate tool is implemented to detectthe privacy leaks automatically.In this thesis, the popular Android security technologies and achievements areinvestigated and analyzed at first. To solve existed problems, a new method of staticprogram analysis is proposed from four aspects.1) Analyzing the pseudo-code ofAndroid program to reduce the error codes which are imported by decompiling.2)Doing the inter-procedural analysis on Android programs using the flow sensitive andcontext sensitive analysis techniques to improve the accuracy of analysis result.3)Doing reflection analysis with reflection standardization to support Android programswith reflection calling.4) Improving taint analysis matching rules to make the taintanalysis result more precise.Then, based on the above researches, an automatic Android application privacyleakage detection tool is developed, which can analyze each entry point of Androidapplication and find the privacy leakage in the program. The tool’s specificrequirements and design models are given in detail in this thesis.At last, the proposed techniques and detection tool are validated by theexperiments. The experiment results show that the analysis methods and techniquesare valid and the detection tool is reliable which can detect the privacy leakages in theAndroid programs. |
PDF Full Text Request