Research And Implementation Of Android Application Detection Method Based On Inter-Component Communication Analysis

With the rapid development of mobile Internet technology,Android system has occupied a dominant position in China's mobile Internet market.The widespread use of Android also makes Android users become the most important target of attack in the mobile Internet environment.The privacy data of users are stolen by criminals,thus causing a large number of privacy leakage problems.Traditional privacy analysis method through the analysis of the stain to determine privacy leak path,but this method of communication between components analysis breakpoints,and the communication between the components of privacy leak path to explore depend on the precision of component correlation analysis,the lack of component connection will greatly affect the privacy analysis result,so the traditional method is not enough to cause inter-component communication privacy problems.,in order to find out the complete privacy disclosure analysis path,it is necessary to ensure the accuracy of component association analysis and solve the code breakpoint problem.Existing studies have made preliminary progress in analyzing the privacy leakage and security problems caused by the communication between Android application components,but there are still omissions or false reports in the component association analysis,and there are some problems in the privacy leakage and security analysis,such as the high false positives of the evaluation results caused by insufficient evaluation features.To solve the above problems,this paper proposes a security detection method for Android applications based on inter-component communication for privacy disclosure.The main contributions are as follows:First,In order to explore the complete privacy disclosure path and reduce the false alarm and omission of component association analysis,a component association analysis method based on communication between Android components is proposed.The fuzzy matching method is used to combine the regular constraints,and the association is established according to the communication mode of each component.The empirical probability of component association is obtained according to the use mode of precise communication parameters between components.The empirical probability is used to evaluate the component association relationship of fuzzy parameters,and the reliable association is screened according to the evaluation result to generate the analysis basis for security analysis.Second,According to the deficiencies in the analysis of privacy disclosure problems caused by communication between components,the security detection method of privacy disclosure for Android applications based on component association is proposed to solve the problem of insufficient code breakpoints and evaluation features.First based on virtual main function and the pile technology to deal with static analysis of code breakpoints,and then integrated sensitive permissions,triggering factors,environmental factors and so on many judgement basis,the privacy security analysis model is established by using analytic hierarchy process(AHP),to model whether privacy security,reduce the existing security analysis of the value of a false positive.Third,Based on the above methods,an Android application security detection system based on inter-component communication is designed and implemented.Two sample sets,DroidBench and in-flight application,are selected to test and evaluate the system.Experimental results show that the system reduces the false positive value of privacy disclosure detection and can effectively detect the privacy disclosure problem based on the communication between components.