Research On Permission-based Android App Privacy Protection

Posted on: 2016-10-15 | Degree: Master | Type: Thesis
Country: China | Candidate: D Gao | Full Text: PDF
GTID: 2308330473965518 | Subject: Information security
Abstract/Summary:

With the growing popularity of Android mobile phones, Android security is becoming more and more important. People use Android smartphones for voice calls, sending and receiving text messages, handling all kinds of information, entertainment and social networking. They enjoy the convenience of smartphones, but at the same time their personal privacy faces the risk of leakage. At present, Android, a smartphone operating system, has become the most attractive platform for malicious software. The main target of malicious software is to steal the user's private information. Therefore, how to keep the private information stored on the user's Android phone secure has become a hot research topic. From the perspective of permission theft in the Android permission system and API abuse, this thesis evaluates legitimate Android ROMs and applications to rule out the risk of possible privacy loss. In this thesis, we make the following contributions.

First, we find a potential attack method for obtaining private information from smartphones. This attack uses the self-signing mechanism for Android applications. It takes advantage of the public AOSP (Android Open Source Project) signature vulnerability to obtain the permissions of pre-installed software and steal users' private information. Against this vulnerability, this thesis proposes a fast detection method that reverse-engineers multiple applications at the same time and checks their signature information, so the vulnerability can be detected quickly. The results show that among the popular Android ROMs on the market, a few important series have the AOSP vulnerability, such as CM, MIUI, etc. The proposed method needs only 9-10 minutes to check a ROM, so it can scan ROMs quickly and efficiently. Experimental results show these vulnerabilities can be easily exploited by attackers.

Second, we combine machine learning techniques with Android malware detection to detect applications that may make illegal API calls. We collect the applications' natural-language descriptions from the Android market website and then cluster the applications. When applications run on the phone, applications of the same kind should have similar behavior characteristics. Static API usage can serve as a proxy for behavior. We extract the APIs of each application in its class and, through machine learning and clustering of APIs, identify applications whose APIs differ from those of similar applications in the class; if the similar class is not related to APIs for private information, but...
Keywords/Search Tags:Android, Privacy Leaking, Fast Detecting, Description analysis, machine learning