Research On Detection And Protection For Inter-application Privacy Leakage In Android Application

In recent years,with the increasing popularity and adoption of Android-based smartphones,more and more attackers have directed to Android Application which results in the increasingly serious leakage of user's privacy.The existing detection methods mainly focus on application's internal privacy,while it ignores the privacy leakage across the applications.To solve this problem,this thesis proposes a data-flow analysis-based protection and detection method.Experimental results show that there are 5 groups of applications existing privacy leakage across application in the 81 applications,and protection method can effectively reduce the hazards of privacy leakage.The study consists of the following four aspects:(1)To solve the problem that App has lots of unrelated components about privacy leakage,this thesis presents a method of generating a sequence of components that potentially leaks privacy.First,the App will be classified by analyzing the attribute value,so that the form of App combination which can leak privacy will be generated.Then,we get subsequence of potential privacy leakage by analyzing the form of App combination.Finally,two subsequences are used to construct the potential privacy leakage,aiming at removing unrelated components.(2)As for the need to simulate App's operation logic by means of control flow graph,this thesis proposes the method that combines virtual main function with the technique named instrumentation.First,we generate virtual main function in the components,simulating the lifecycle of the component.Then,we insert a specific code in the application using the instrumentation,so that functions are reachable.Finally,the control flow graph is generated to simulate App's running logic.(3)To solve the problem of the privacy leakage across the applications,this thesis proposes a protection method based on encryption.On the basis of the detection of privacy leakage path,the method will insert the code in the related component,attempting to mitigate the hazards of privacy leakage.(4)A detection and protection system is designed and implemented according to the proposed detection and protection scheme.Theoretical and experimental analysis shows that the system can effectively detect and avoid the privacy leakage across the applications.Meanwhile,it is observed that the protection system exerts no significant influence upon the functions of the applications.