Research On Fine-grained Permission Management For Android Advertisement Library

Since Android apps often release in free mode,advertising is the only source of revenue for most developers.At the same time mobile advertising is a very important part of mobile application ecosystem,beacause it involves interests of mobile users,application developers,and advertisers.Once the advertising library encounters a security problem,it may damage the Android system,or leak the user's privacy,or make the application punished by application store.And advertisers will not achieve the purpose of product promotion.Android ad library is mostly provided by third-party service providers who can not guarantee security.The current granularity of Android Permission Management is application level,which can not manage independently permission used by advertising library.And application users have no idea whether their information is exploited by advertising or application.In this thesis,we sort out security problem caused by advertising library into three categories.Then we analysis their damage combined with the Android Security Mechanism.It turns out that excessive permission will affect user experience and developers' interests,which furthermore result in privacy leaks.And Malicious or vulnerable advertising library will misuse these permissions.We reveal that the permission problem is unavoidable because Android only manages permissions in units of applications,which do not know the real caller of sensitive methods.To solve this problem,we propose a fine-grained permission management framework for Android advertising library.We train a classifier to separate advertising library from application source code.Then we wrote the package name of ad library and permissions it used into the AndroidManifest.We track call stacks during the process of system permission check methods so that we get the real user of permissions.At last of the thesis,we evaluate the framework by implementing the prototype system named AdPermManager.It turns out that AdPermManager is more practical than existing methods and compatiable with current Android applications.