Research And Implementation Of Secure Container For Android Privacy Data Protection

With the development of times,mobile phones have been widely used by everyone,being an indispensable part of people's lives.Some persons even bring more than one devices with them.People not only use mobile phones to make phone call and send text messages,but also pay,locate,entertain,study and so on.So the importance of personal privacy is self-evident.The smart phones with Android system occupy most market share.Although Android system has built-in security mechanism,there are many reasons causing that the mechanism can not protect users'privacy data.The reasons include various Android versions,system fragmentation caused by every manufacturers'deep customization and latency of system update.At the same time,the third-party program sends users'sensitive information regardless of their wishes.Aiming at the problem that users'privacy can not be protected effectively,this project proposes a scheme-privacy protection container,which is able to protect privacy data in Android platform.The container can provide applications virtual running environment,and detect the applictions'use of privacy data,ultimately protecting privacy data effectively.The main achievements of this paper are as follows:The paper proposes a dynamic and static privacy data protection scheme.The static part generates the protection scheme by static analysis of the application files,and then protects the privacy data by parsing the scheme in the dynamic operation process.By combining the particularity of Java language stack and the static of Android system API,the path problem of privacy data propagation in inter-component scenarios is solved in our scheme.According to the above scheme,this paper designs and implements a secure container for Android privacy data protection.The container is divided in two parts.Static part is deployed on the server side,which generates policy files by analyzing the static privacy data of Android applications.The server side sends policy file to the client side,that is,the Android mobile terminal.The dynamic part is an Android application layer container,which installs and runs the application in the container.At the same time,the container protects users'privacy data in the application by parsing policy file.This container is deployed in application layer and possesses good portability.The experiments show that our scheme can effectively protect the privacy data in Android mobile phones.