The Research Of Android Taint Analysis Technology Based On Information Flow

With the rapid development of mobile devices and network technology, mobile Internet has become an important guarantee of social development. The ensuing issue of mobile security has become the most serious problem in mobile Internet age. Statistical analysis showed that the mobile device malicious‘ behavior mainly include sensitive data theft, remote control, malicious deduction, malicious dissemination, consumption rates, system destruction, rogue software, data corruption, etc. Among them, the users’ sensitive data theft is one of the most common in all kinds of malicious behaviour. How to effectively detect malicious behavior of users’ sensitive data is what people need to resolve immediately.In all over the world, the research of mobile malware detection has been doing well. However, some approaches have been a little backward. The traditional method of dynamic analysis can make judgment according to the performance of software runtime, but it is difficult to cover all software running paths, and the consumption of the hardware resources is large. And traditional method of static analysis can perform well when the behavioral characteristics of the software is already in the library, but for the emergence of new malicious behavior, its detection accuracy is questionable. After doing research work deeply for mobile devices’ users’ sensitive data theft and its analysis work, we present a new type of Android malicious behavior detection technology---- Android taint analysis technology based on information flow. This is an detection approach mainly against the malicious behavior of user sensitive data theft, which has low taint tracking granularity, does not need client source code, can detect unknown malicious behavior, has high accuracy, etc.This article first elaborated the research background and significance, the main behavior of Android malware, the Android system security mechanism and relevant background knowledge, and then mainly studied the two important steps of static taint analysis----control flow analysis and data flow analysis. Control flow analysis mainly through analysis the program’s all decompiled source to find out the transmission way of the data in the no-ordered information flow to facilitate the data flow analysis. Data flow analysis mainly through instruction analysis to identify and tag the data sented via Android sended API, reverse direction track the data(for the no-ordered information flow needs the result of control flow analysis), eventually found the source of the data and check whether it is from the Android API access to sensitive data. Then we build a prototype system based on static taint analysis shows the system design and some implementation details. Finally, we give an experimental evaluation of the prototype system, from the functionality side and performance side. The experiments show that the approach of static taint analysis based on information flow can well complete the task for detection of users’ sensitive data theft, but the performance needs to be improved.