Research And Implementation Of Privacy Leak Detection Technology Oriented Smart-Phone

With the popularity of smart-phone, it involves a growing number of user privacy information, and a large number of malicious or irregular applications pose a serious risk of privacy disclosure to the users.So the attention rate of privacy protection and privacy disclosure detection oritened on smart device at home and abroad is also increasing, but most of the researches based on a single detection method,which can't assess the privacy disclosure risk of the application comprehensivily.To solve the problem, this paper presents a multi-dimensional smart-phone privacy disclosure evaluation model., and the model is applied to the design and implemention of two privacy disclosure analysis systems oriented to Android OS and iOS,based on the in-depth study of a large number of privacy disclosure detection method and mainstream operating system of smart-phone- Android OS and iOS. The main work of this paper includes:1. To solve the problem that the existing smart-phone platform is lacking of systematic assessment methods of privacy disclosure detection, put forward a multi-dimensional privacy disclosure detection model oriented smart-phone. The model includes static analysis, dynamic analysis and data analysis to extract the privacy disclosure behavior and assess the risk of the application from multiple dimensions,which effectively compensate for the inherent defects of the single analysis method, better solves the quantization problem of privacy disclosure.2. Designing and developing a privacy disclosure analysis system for Android OS, with three mian parts of static analysis, dynamic analysis and data analysis. The static analysis achieves the permission analysis of AndroidManifest.xml file and the sensitive API analysis of the decompiled files; dynamic analysis realizes the real-time monitoring of the acts that the applications access to private information with hook; data analysis research the realization of TaintDroid and DroidBox, and imlementates a stain detection system——Exdroid,used to detect the leak of private data, which extended the tainted label type and add the network monitoring compared to TaintDroid.3. Designing and developing a privacy disclosure analysis system for iOS, with three main parts of static analysis, dynamic analysis and data analysis. Static analysis realized the disassembly of iOS application and the sensitive API analysis of disassembly file; dynamic analysis hook and covering privacy API function to realize the dynamic monitoring of private data; data analysis realized the application traffic forwarding, data capture and the analysis of data packet protocol and IP, as well as the SSL data capture.4. Designing and implementing other functional modules of two system mentioned above, including "import APK" module, "connect the device" module and "generate report" module. The "import APK" module used to obtain application's exection file in Android device without root privileges; "connect the device" module's function is obtaining device information and application list in IOS devices without jailbreaking; "generate report" module implements the integration of static analysis, dynamic analysis and data analysis results,and calculation value of the comprehensive evaluation, as well as show them with HTML and histogram.