The Design And Implementation Of Leak Detection System Based On Static Tainted Mechanism On Android Application

Now,there are a large number of android apps,and privacy leaks exist app also increasingly difficult to detect. Meanwhile, attacks against android phones become more and more. According to statistics, the total amount of malicious code android in 2014 has increased to 1.23 millions, this trend is further improved. Faced with increasingly serious privacy issues,on the one hand,Google has fucused on safety on the system level,on the other hand,tools for testing app show up.Android app privacy leak detection, current technology is mainly divided into two kinds: static testing and dynamic testing. dynamic testing detects the privacy leakavage when the app is running,this testing is relatively resources comsuming. Static detection code does not need to actually run,it is detected by analyzing the source code,so it saves resources. Currently, the research on privacy leak detection is more but the effect is not every obvious.This article based on static taint analysis,to detect the android app privacy leaks. First,we define the privacy of data and privacy export api. take advantage of the opensource projects androguard to generate the control flow graph of an apk file. while search for the source of privacy and privacy export api, generate source corresponding function set privacy and privacy export api A corresponding set of functions B. By controlling the flow chart to determine whether there is a path from the set A to set B, and if there is not, there is no loss of privacy. If there is, begin with the existence of privacy source code, set up blemishes parameters,then Simulation execute the smali code.if there is tainted data found among export api function parameters, it shows that there is a source of privacy by some paths into the export api. this paper considers the app exists privacy leakavage. Finally, to collect all the privacy leakage sources, Then according to the security of the app and malicious app,we get the weight of each privacy source. Use AHP scoring the entire app, get the value of a loss of privacy. If the value is greater than the threshold already set, it is believed that the presence of loss of privacy app, otherwise, there is no loss of privacy.