Based On The Taint Analysis Of Android Privacy Leak Detection System Design And Implementation

Privacy leaking is one of the most important issue in Android security,and the main detecting way is taint analysis.With high code coverage,low negative rate,static taint analysis is widely used to detect android privacy leaking.However,the current static taint analysis tool can't deal with relatively large Android application effectively and quickly(the actual Android applications are relatively large).On the other hand,the result these tools output lacks of context information,making the subsequent processing difficult to carry out.To cope with these drawbacks,this paper designs an Android privacy data leakage detection system based on static taint analysis,TaintPathTracker,and implements it.At first,TaintPathTracker does a rapid static taint analysis for Android Application,then processes the original taint path,including constructing context information of taint path,compressing taint path with context information and deleting irrelevant information in it,then builds graph element according the taint path,at last,output the result.The main work of this paper is as follows:(1)In view of the shortcomings of existing taint analysis tools,design and implement a new static taint analysis system,TaintPathTracker.TaintPathTracker can perform a quick taint analysis for android app,and output an visual taint flow path with context.(2)Design and implement taint flow path visualizing engine CTFPVisual.CTFPVisual adds context information for taint flow path,compresses it,deletes irrelevant information in it,builds graph element according the taint path,and then at last,outputs the result.(3)Analyze Flowdroid in detail,and discover the deficiency of Flowdroid(with higher memory requirements,detecting is slow,unable to effectively apply to the Android App on Android App market).Analyze the reasons of insufficient,put forward two improvement solution:testing App by single Android component,and searching App by part component.In addition,we conduct feasibility analysis.And after proving the correctness and feasibility of the two improved scheme,we implement and test this two solution,proving the effectiveness of the two solution.(4)Based on CTFPVisual engine and Flowdroid improved,we implements TaintPathTracker and performs a complete test.The test result shows that under the premise of ensuring the effectiveness,the system can improve the speed of the privacy data leaking detection,and draw an precise graph of privacy data leaking path with context information.