Research On Detecting Privacy Leaks In Android Hybrid Applications Based On Dynamic Taint Tracking

Posted on:2016-05-24

Degree:Master

Type:Thesis

Country:China

Candidate:Z Q Xiong

Full Text:PDF

GTID:2348330479453428

Subject:Computer application technology

Abstract/Summary:

PDF Full Text Request

In the era of mobile Internet, Android smart devices have become an integral part of our lives and are heavily relied on by millions of People. A lot of personal privacy data store in them, such as contacts, call history, text messages and photos. People are very concerned about whether their privacy will be compromised.Android native software appeared earlier and their software architecture is mature. A lot of research about privacy leak detection in Android native applications have been accumulated. While with Android smart devices performance improvements, HTML5 moible web technology developments and mobile browser engine performance improvments, Android hybrid applications build with a new Android application architecture emerged and became more and more popular. Android hybrid applications have novel software architecture and the bridge between Java and JavaScript layers diminishes the gaps between the native and web environments. As hybrid applications are different from native applications, the new privacy leak problems in hybrid application need be studied. The bridge mechanism enables Android hybrid applications leak privacy data through JavaScript code. And few systems can detect the privacy leak in Android hybrid applications through JavaScript code currently.Scenarios where privacy leak occurs in Android hybrid applications and the details that how privacy data spread in Dalvik Virtual Machine, WebKit engine and JavaScript engine are systematically studied. HTDroid, an efficient dynamic taint tracking system for detecting privacy leak through JavaScript code in Android hybrid application is newly proposed and implemented. HTDroid system reuses the dynamic taint tracking in Dalvik Virtual Machine of TaintDroid system and then transmits the taint tags of string datatype privacy data in Dalvik Virtual Machine to Web Kit engine and JavaScript engine. And it implements dynamic taint tracking in WebKit engine and JavaScript engine. HTDroid incurs only 22% performance overhead on a CPU-bound benchmark and imposes 4.3% overhead on JavaScript V8 engine benchmark.

Keywords/Search Tags:

Android, Hybrid Application, Privacy Leak Detection, Dynamic Taint Tracking

PDF Full Text Request

Related items

1	Research On User Oriented Android Privacy Data Leakage Detection Model Based On Taint Propagation Analysis
2	Study Of Detecting Android Application's Privacy Leaks Based On Data Lifecycle
3	Based On The Taint Analysis Of Android Privacy Leak Detection System Design And Implementation
4	The Design And Implementation Of Leak Detection System Based On Static Tainted Mechanism On Android Application
5	Research On Android Privacy Leak Detection Technology Based On Context
6	A Research On Model-based Privacy Leak Detection For Android Dynamic Class Loading
7	Resrarch On Key Technology Of Privacy Leak Detection In Android Applications
8	The Research On Android Privacy Leak Detection Technology Based On Static Single Assignment Form
9	Research On Privacy Leak Detection And Protection Technology For Android
10	Research On Detection Technology Of Android Application Privilege Leakage Vulnerability