Research And Implementation On Detecting Privacy Leakage Of Android Apps Based On Static Taint Analysis

Recently,Android smartphones develops rapidly.But the nature of open source and weakness of check lead malicious App growing in App Market.Unfortunately,it is unable to meet the requirement of massive sample detecting tasks only depending on the manual analysis.Therefore,this thesis researches APK function classification and sensitive value calculation,and then apply these achievements into the design and implementation of detecting system.This thesis summarizes the characteristics of static analysis,and combines static taint propagation technology,categorizes the APK files according actual operation function.Based on the classification,the thesis configures SOURCE and SINK which make static analysis more targeted and reduce the consumption of memory and time.Secondly,this thesis designs the sensitive value calculation model.On the basis of calculation model and the call frequency,this thesis is able to calculate the sensitive value of paths and the APK file.Finally,based on the above two theories,the thesis implements a detection system.In order to observe the leakage data,the thesis designs a report which can show detecting report more effectively.Through the report,users can directly look over the detail of sensitive paths and the sensitive value.The test and analysis show that the system can improve accuracy and reduce detecting time.