| Mobile devices and applications have gained increasing popularity these days. Consequently, the research for protecting user privacy against unintended data leakage has also gained wide attention. Application auditing method can effectively find data leakage behavior in mobile applications and thus help to protected sensitive user data. This paper propose such a method based on static program analysis. Compared with existing systems, our AppAudit can achieve higher precision with less analysis time and memory consumption.To achieve these goals, AppAudit is designed as a two-stage system. The first stage uses API analysis to quickly identify suspicious code paths in target applications. In the second stage, AppAudit uses an innovative executor to validate data leakage on these paths. This paper mainly focuses on the second stage. Our executor mainly comprises an object model that is capable of representing unknown values and is compatible with Android’s Dalvik virtual machine. The executor applies a set of execution rules to execute the bytecode of the target application and simulate program state at any program point. AppAudit also introduces taint analysis which can track sensitive data dissemination across the program. Our executor also depends on fuzzy execution to tackle unknown branches, infinite loops and infinite recursions when executing the program.We evaluate AppAudit with 1,005 samples of the Genome mobile malware dataset and free application samples from the official Android store. AppAudit achieves a high precision of 99.2% on the malware dataset and spends only several seconds per application. Compared with existing systems, AppAudit greatly improves detection precision and performs 8.3x faster and 90% less memory consumption. Hence, App Audit will have wide application space and research value. |
PDF Full Text Request