Privacy Leak Analysis Of Android Apps Based On Network Traffic

With the rapid development of mobile internet,mobile devices such as smartphones and tablets play a more and more important role in people's daily life.Because of the open source of the Android,mobile devices,which contain a variety of user privacy information,have serious threats of privacy leaks.Once grasped by the criminals,it will cause significant losses to users.Therefore,it is significant for users to research how to detect the unnecessary privacy leaks of Android Apps.Although the research community has developed a lot of privacy leak detection tools based on data flow tracking inside the app or through network traffic analysis,it is still unclear what situation that apps are leaking private information.In fact,all existing Android application detecting tools have some drawbacks:on the one hand,the data flow tracking method may cause the phenomenon of false positives by marking the implicit flow,as well as false negatives when the data flow from a source of private information to a network sink is interrupted;and network traffic analysis cannot handle encryption or custom encoding.On the other hand,data flow tracking and network traffic tracking analysis cannot determine whether the leaks of user privacy is related to the application implementation of their own functions,or are purely unnecessary.We propose a new approach to privacy leak detection based on network traffic difference analysis is not affected by such limitations.The main research work is as follows:(1)Research and analyze the network behavior of Android apps,and establish the judgment standard for the apps of privacy leaks.The privacy of users in running apps are mostly as the network interface access the internet services.Though analyze the network behavior of Android apps,we establish criteria used to detect Android apps unnecessary privacy leaks in network layer.That is,we observe the changes of the response body through modifying the user's privacy,which contained in network flows.(2)We propose a method to eliminate any sources of non-determinism in Android network traffic.we need collect large of Android apps privacy flows,eliminate uncertain data in flows by Android Hook technology,and process encryption or custom string combined with the Log file produced by Hook technology.Then,we should parse the flows into syntax tree format.(3)We propose a differential analysis detection technique by modifying the privacy information in the request flow and then comparing the response flow.We should modify the source of privacy,repeat the above steps,and detect leaks by observing deviations in the resulting network traffic.If the response flows changed,it indicates that the app's leaks are related to the application function.In other words,it is necessary to privacy.Otherwise,it indicates that the app's leaks are uncorrelated to the application function and not necessary.Through the detection of 2500 normal apps and 500 malicious apps in the market,the method has a good detection rate.