Study Of Detecting Android Application's Privacy Leaks Based On Data Lifecycle

Nowadays, with the development and maturity of smartphone application market, a large amount of privacy data may be generated maliciously while user can access various types of applications conveniently, which makes privacy leakage become a serious security issue on smartphone platform. It is even worse for Android platform due to the openness of Android. Not only some malicious programs like virus and Trojan will cause the user's privacy leakage via vulnerabilities of the applications or Android platform, but also the application developers'non-standard development behavior and leak of security awareness will result in the user's privacy disclosure. At present,some detection tools have been proposed for detecting the privacy leakages on the Android platform, but these tools are working with a low detection accuracy, or coupling with the Android OS or its applications. What's more, there is no uniform standard for the existing detection tools.In this paper, we focus on the cache files generated by the applications, design and implement a privacy leakage detection system which combines dynamic tracking with static analysis. After observing the privacy data during the whole life cycle, it can dynamically monitor the privacy data contained in the cache file, and detect whether the application itself protects cache files properly. Through the definition of privacy leak standards to develop relevant policies, the privacy leak state in the application is analyzed, and finally the detailed application privacy leakage will be reported.The main research results of this paper are as follows:1. Studies on the standard of privacy leaks in the whole lifecycle based on Android platform. Firstly, we classify the privacy data on Android platform, simulate the threat scenarios of privacy leak, and select the cache file for the most valuable target; then we parse the data structure in cache file, and monitor the app and analyze whether the cache files in the app are protected properly; finally, we get application's actual privacy leakage information.2. Design and implementation on the privacy leakage detecting system for the cache files. Combining the main idea of dynamic tracking and static analysis, X-Decaf(Xposed-based-detecting-cache-file), a privacy leak detection system aiming at cache file, is firstly proposed.After learning and training on plenty of apps, X-Decaf gets an excellent policy library which contains a mapping between privacy and sensitive APIs. Compared with other existing privacy leakage detection systems,X-Decaf can monitor cache files' behaviors more efficiently based on Xposed method hook mechanism as well as filter the detection results by strict policy judgment and static analysis for its high level of accuracy.3. Evaluation of X-Decaf and other privacy leakage detection system.Firstly, we choose the 50 most popular applications from markets to detect their privacy leakage status using X-Decaf, and analyze the detection performance of X-Decaf and the effect of X-Decaf on the application runtime performance. Compared with the existing privacy leakage detection tools, X-Decaf can dynamically detect the cache files generated while app is running, and clearly show the specific privacy types containing in these cache files. Finally, after a deep research on current detection tools, we propose several targeted assessment indexes for privacy leak detection tools, compare these detection tools with these assessment indexes, and evaluate their advantages and shortcomings,hoping to promote the criteria establishment of privacy leak detection onAndroid platform.