Design And Implementation Of An Android Application Auditing System

Nowadays,smartphone plays a more and more important role.Different mobile applications(or apps)make people's daily life colorful.Once an app releases,it will be distributed to an application store.Then application store will deploy the app to the user's smartphone.Thus it can be seen that application store plays a vital role in the mobile ecosystem.While apps have made people's life simple,there are many apps which behave maliciously being installed to the user's device.These apps may lead user's sensitive information leakage,make people's properties suffer great loss.Frequently happened mobile security incidents indicate that the current application store lack of auditing.There are three kinds of apps which will threaten the information security of mobile users:1.Malware which will stole sensitive information;2.clone app;3.applications which use compromised third-party libraries.To solve these problems,we propose AppShield,an Android application auditing system.AppShiled integrates AppAudit which can identify the app which leaks user's sensitive information through hybrid program analysis.AppShield concludes problematic components based on the analysis results of AppAudit and AppShield will study these components later.We also propose a program analysis approach which can detect the similar packages,classes,and methods between apps even in the case of obfuscation.AppShield uses this approach to detect third-party libraries and clone apps.We have collected almost 140 thousands apps as the testset of AppShield through two years.These apps are from different regions and different application stores.We performed sensitive leakage detection through these apps,and detected more than 9,000 positive apps,and concluded more than 20 problematic components which will leak user's sensitive information.We also performed third-party library detection through more than 10 thousands apps from myapp,one of the bigest application store in China.We selected 8 distinct third-party libraries with67 versions.The analysis result shows that there are 16.4% apps using at least 1 library we selected.And Google's JSON utility library gson has the most popluate apps,10.26% in myapp.In addition,we randomly selected 1,000 apps to perform our clone app detection.And we found that a developer distributed a same app with different app names twice to myapp.The evaluation shows that AppShield can identify the app which leak sensitive information efficiently and accuratly.And conclude the problematic components which have the same behaviors.Also,AppShield has the ability to perform similarity analysis to apps to detect the victims of compromised third-party libraries and clone apps.