The Research And Improvement Of Android App Permission Detecting Techniques

Android becomes the most popular mobile operating system, which attracts lots of consumers on account of the rich user experience, but also leads to the attackers carrying out the malicious activity for personal gain. Permission is a key safety feature on Android which is used to control the power of applications accessing to user’s privacy data and limited resources. At present, the study on how apps use permission has mostly been one of hotspots in the Android security research.This thesis briefly analyzes the Android’s security mechanisms, and then describes the privilege management mechanism in detail, including usage, security responsibilities and efficiency. We propose a novel implicit permission detection method for Android apps based on static analysis, which definitely get the resources accessed by the implicit API in one app, while these resources can’t be figured out by the established work. The main works in this dissertation are listed as follows:We propose an implicit permission detection method which divides the Android APIs triggering a permission check into explicit and implicit. This method extracts the complete resource access information of the implicit calls, which highly improve the detection rate than the existed works.We develop a lightweight permissions analysis tool named UpsetEx. The tool contains complete Permission-API mappings, including the explicit and implicit ones. Procedural data flow analysis is adopted by UpsetEx to obtain the resource parameters of implicit function calls. UpsetEx is coded in Python and the generated permission reports can be further used in other security related researches.We analyze the actual Android apps to evaluate the usage of permissions.226popular apps (19different categories) from Android market are evaluated, in which115apps use implicit permissions, and over203apps are over-privilege.Detecting the permissions accessed by Android apps can help the developers to request and use permission more properly to avoid possible attacks. The tool UpsetEx provides the researchers accurate and detailed permission usage information which can be used in further research in the area of Android security.