An Automatic Method For Privacy Information Leakage Detection

Because smartphones are portable,powerful,and easy to be extended,they are preferred by more and more people.Android stands out in the smartphone operating systems,with its open resource and free of charge.Therefore utilization of the Android rises year by year.Different from the applications in PC,the applications in Android have lots of permissions,which enable them to collect many user's personal information,like contacts,call log,sms,etc.The open source character of Android brings developers convenience,but also brings security threats because of those permissions.Attackers can intrude system,infect applications,get users' information,etc.Privacy information's leakage will bring great risk to users.Hence,Researches and explorations on Android applications' privacy leakage detection have great significance.First,the thesis studies the Android system architecture and security mechanism,analyzes the researches related to the privacy leakage of Android applications,and illustrates the key technology of Android privacy-leakage.Second,in the view of privacy leakage problem in Android applications,this thesis puts forward an automated detection system,which is based on static taint tracking.Based on a voting method to a set of same kind of applications,we collect some applications from many markets and sort them with different types.We improve Flowdroid's privacy output by eliminating redundancy and classifying.As result,we get some collections of databases with the same type;Then,we use Random Forest to generate a forest of leakage classification.In that algorithm,we put that certain type of leakage database collection as input,put suspected privacy as feature extraction,and put data flow leakage type as the reference.It becomes a legal privacy data flow filter with the use of Random Forest's voting method.Third,we use a forest of leakage classification to test the privacy leak in an application which has the same type with the forest.Furthermore,we design a function named Reverse Position,which can provide us more rich results of privacy leakage.Finally,we collect applications of the same type from multiple markets as test data,and using them as input to generate the testing system.We verify and evaluate this system.The results show that this method has a good detection effect,and it can be more effective than other methods to detect the privacy leakages that exist in the Android applications.