| In recent years, Android has rapidly become the most widely used platform of smart phones. Due to the openness of its system and the application markets, many mobile malwares take Android as a major target. I study the Android permission system. When an application tries to access the protected data and API, Android apps have to declare these corresponding permissions in their manifest file. To ensure the security of users’ data, applications must follow the principle of least privilege. However, applications often overdeclare permissions, which are never used. This threatens the privacy of users and makes it harder to detect malwares.In this paper, at the beginning, I take a further study in the mechanism of Android permission system and bring a method to detect the over-declared permission. Then, according to the characteristics of permission combination used in malwares, I find the threats in applications and define their security level. Moreover, Sunday string matching algorithm is used to improve the method efficiency. At last, I design and implement a system of Android Application Permissions Analysis, with function modules of downloading application samples, determining the over-declared permissions, judging security level of apps and dynamic verification. The analysis results show that 74.5% of applications have the problem of over-declared permissions. Developers should pay a great attention to the problems and constrain their programming behaviors. |
PDF Full Text Request