Receye:a Method To Detect Android Eavesdropping Application

With the rapid development of wireless communication and other information technology, mobile devices become an indispensable part of people’s daily life. While enjoying convenience of smartphones, people have to face the thread that malware tends to steal user’s privacy information. Among the privacy information, users’call conversations and ambient sounds are a key part of their daily life and malicious apps steal those information through stealthily recording. However, the security mechanism of Android permission system cannot prevent the user’s private information from being stolen by malicious apps.To enhance the functionality of mobile devices, users can download and install a variety of apps from the app stores. The apps can access user privacy-related information if the corresponding permission is granted during application installation. Generally, these apps are provided by anonymous developers. However, the app stores cannot eliminate spywares even though they may provide a software review.In this paper, we propose a detecting tool called RecEye, which detect whether the app attempts to eavesdrop user based on context-sensitive and flow-sensitive static analysis and machine learning theories. Taking into account the unique of the Android platform, we extended the Soot framework and proposed the solutions based on the Android programming model. Moreover, through parsing the manifest file and the Android components’lifecycles model, our analysis properly handle callbacks invoked by the Android framework, which contributing to the precise of static analysis.To evaluate the performance of RecEye, we downloaded 40,000+ apps randomly from several popular app stores for testing. The experimental results show that RecEye detected 3 true eavesdropping software, which are not marked as eavesdropping app by the mainstream Anti-Virus Software. Furthermore, we also analyzed nearly 10,000 malware samples, and the results show an average of 6.52% false positive and 2% false negative. Most of the software can be analyzed within 1 minute.RecEye can be easily extended to the detection of other leakage of privacy-related information and can also be deployed to the app stores for software safety review.