Research And Implementation Of IOS Application Privacy Leak Detection Technology

With the development of mobile Internet,the function of smart phones has become increasingly powerful,and the mobile Internet is inseparable from people's life and work.iOS as one of the two major mobile operating systems,has captured a large amount of mobile market share with its superior performance and good user experience.Thanks to the strict audit mechanism of App Store,iOS platform has a more secure application environment than Android.However,due to lack of security awareness of developers or non-compliance with development norms,iOS applications still have security issues,and the leak of user privacy in many security issues is particularly prominent.Therefore,the research of iOS application privacy leak detection technology has become the focus of scholars at home and abroad.Currently,the user privacy in IT devices can be classified into three types,including A-type hardware information,B-type privacy in system applications and C-type privacy in third-party applications.However,the abundance of third-party applications and close man-machine relationships have led to mobile devices involving a large amount of C-type privacy data,exposing them to the threat of privacy leakage.Then C-type privacy has the characteristics of different sources of privacy and different standards of privacy disclosure.Existing detection methods can only identify a fixed system API as a private data source and then track the flow of data according to the control flow;C-type privacy data is dynamically generated by application programs combined with user behaviors,and its data sources are not fixed.As a result,existing technologies can not be followed up because they can not determine the starting point of the data flow.The judgment of C-type privacy leakage needs to combine with the application's handling of privacy data to further analyze the defects in the process of processing the privacy data,which result in the leakage of privacy.Therefore,the existing detection technology can not be applied to the detection of C-type privacy leakage.In view of the limitations of the existing technologies,this paper proposes a C-type privacy leak detection technology for iOS applications.The main work of this paper includes:1.Based on the characteristics of C-type privacy,this paper studies the C-type privacy tracking technology based on application instrumentation technology,from the privacy content and privacy carrier to recognize the sources of C-type privacy,to solve the privacy of the source caused by the data can not be tracked.2.According to the process of privacy data processing,this paper divides the iOS application into four modules:data processing,data storage,data transmission and log buffer,and studies the basic functions and security features of each module,and analyze the privacy protection defects in each module by monitoring the privacy sink point.3.This paper builds a risk assessment model based on AHP for C-type privacy leakage of iOS application.Combined with the four modules' privacy protection defects,it quantifies the risk of privacy leakage and makes up for the lack of C-type privacy leakage judgment standard.4.Designing and implementing the privacy leak detection system for iOS application by combining static detection,dynamic detection and forensics technology,and verifying the feasibility of the scheme by experiments.Then,this paper selects five kinds of applications related to user privacy in the App Store to detect the privacy leak,and analyzes the privacy leak in different kinds of applications.