| The issue of Android privacy leaks is still serious.Both malicious and non-malicious applications have privacy leaks.To date developers prefer to put core functions(e.g.,encryption function,T9 search function)of Android applications in the native layer for efficiency of applications.However,there is no either comprehensive security research work or automated security analysis tool for us to inspect the privacy and security of Android native layer,in particular,few of us knows if the third-party SO Library dynamically loaded within the applications is secure.To solve this problem,we have improved the existing control flow graph extension method,and,put forward a kind of malicious software detection method by mixing analysis to generate control flow graph for taint analysis.And we propose a novel and scalable system,called SoProtector,to prevent privacy leak from two layers of the applications,via the analysis of data flow between the Java and native layers.SoProtector contains a real-time monitor to detect malicious function implanted in the SO libraries.Our experiment involving 3,400 applications demonstrates that SoProtector is able to detect more sources,sinks and smudges compared to most of static analysis tools(e.g.,FlowDroid and AndroidLeaks).Furthermore,SoProtector effectively inspects and blocks more than 82%of the applications dynamically loading malicious third-party SO with low overhead.Therefore,the proposed method and the prototype system can be used in the actual monitoring of Android malware,which has some theoretical and practical application value. |
PDF Full Text Request