Research On Android Application Of Malicious Behavior Detection Based On Binder Information Flow

Posted on: 2017-03-05 | Degree: Master | Type: Thesis
Country: China | Candidate: G Z Li | Full Text: PDF
GTID: 2308330482987151 | Subject: Information security
Abstract/Summary:
The Android operating system holds the largest share of the intelligent mobile terminal operating system market. The number of Android applications, of varying quality, keeps growing, and the security problems of these applications have long been criticized. With the increasing reliance on intelligent mobile devices, more and more sensitive data has become the primary target of attackers. Numerous malicious applications not only illegally obtain sensitive user information but also perform sensitive actions in the background, such as automatically dialing or sending chargeable SMS messages, which leads to great losses to users' privacy and property. Therefore, how to accurately detect malicious behavior in Android applications is one of the most important research fields in intelligent mobile terminal security.

To detect malicious behavior that steals sensitive information in Android applications, this paper proposes a detection system for Android malicious behavior based on Binder information flow. By modifying the Binder source code, the system collects communication information while applications are running and writes it to log files. The system then parses the log files and imports the useful parsed information into a database. To meet a specific security requirement, the scheme detects privacy leakage by setting sensitive-information matching fields, which are used to query and match the communication information in the database. After obtaining the matched records, the system marks the malicious behavior through graph traversal and finally determines the malicious applications.

To better demonstrate how malicious applications steal private information, we develop a Web interface that shows the applications' information flow, and we mark the communication records that contain private information in a special way. The Web interface can show the application test results of multiple users at the same time and provides functions such as querying application information, which helps users better manage Android mobile applications.

Because the modification of Binder focuses mainly on the Binder driver layer, and Binder Inter-Process Communication, as the basic communication mechanism of the Android system, undergoes few changes, the design of the scheme is easy to migrate to various versions of Android with good compatibility and can also be applied to other mobile operating systems running on different intelligent mobile terminals. In addition, because the collected communication information is general and universal, covering the interaction between applications and between applications and the operating system, a variety of analyses can be implemented to obtain more valuable results according to specific security needs.

The experimental results show that the proposed scheme has little impact on the performance of the Android system and does not cause higher system load. It is therefore suitable for intelligent mobile terminals with limited computing resources.
Keywords/Search Tags:Security of intelligent terminal, Sensitive information, Binder Inter-Process Communication, Information flow chart
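The pipeline the abstract describes (log parsing, database import, sensitive-field matching, graph traversal), sketched as an added example that is not the thesis's code. The log layout, table schema, process names and the IMEI value are all assumptions constructed for illustration.

```python
import re
import sqlite3
from collections import defaultdict, deque

# Constructed log: "ts src -> dst payload" is an assumed layout, not the thesis's format.
SAMPLE_LOG = """\
1001 com.example.flashlight -> system_server getDeviceId()
1002 system_server -> com.example.flashlight imei=000000000000001
1003 com.example.flashlight -> com.example.adsdk cfg=dark_mode
1004 com.example.flashlight -> com.example.adsdk id=000000000000001
1005 com.example.adsdk -> com.example.uploader id=000000000000001
1006 com.example.notes -> system_server getDisplayMetrics()
"""
LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+) (.*)$")

def load(log_text):
    """Parse the log and import each record into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE txn (ts INTEGER, src TEXT, dst TEXT, payload TEXT)")
    rows = [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    db.executemany("INSERT INTO txn VALUES (?, ?, ?, ?)", rows)
    return db

def match_sensitive(db, fields):
    """Return records whose payload contains any sensitive matching field."""
    where = " OR ".join("instr(payload, ?) > 0" for _ in fields)
    sql = f"SELECT ts, src, dst, payload FROM txn WHERE {where} ORDER BY ts"
    return db.execute(sql, list(fields)).fetchall()

def mark_flows(matched, origin):
    """Breadth-first walk of the matched records, following only edges that
    occur after the sender itself received the value. Returns {process: ts}."""
    edges = defaultdict(list)
    for ts, src, dst, _ in matched:
        edges[src].append((ts, dst))
    reached, queue = {origin: 0}, deque([origin])
    while queue:
        node = queue.popleft()
        for ts, dst in edges[node]:
            if reached[node] < ts < reached.get(dst, float("inf")):
                reached[dst] = ts
                queue.append(dst)
    return reached

def flag_apps(matched, reached, trusted):
    """Apps that passed the value on after receiving it, excluding trusted processes."""
    return sorted({src for ts, src, _, _ in matched
                   if src not in trusted and ts > reached.get(src, float("inf"))})
```

Calling `match_sensitive(load(SAMPLE_LOG), ["000000000000001"])`, then `mark_flows` from `system_server` and `flag_apps`, flags the two constructed apps that forwarded the identifier and leaves `com.example.notes` unflagged.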