
Design And Implementation Of Android Application Privacy Protocol Extraction And Verification System

Posted on: 2021-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: M Z Zhang
GTID: 2428330632462698
Subject: Computer technology
Abstract/Summary:
As the domestic mobile application market pays increasing attention to user privacy protection, research on the privacy protocols (privacy policies) of mobile applications is becoming more important. However, unlike Google Play, which requires developers to upload a privacy protocol when releasing an app, domestic third-party markets have no such mandatory requirement. Research that targets Google Play can therefore crawl privacy protocols directly from web pages, so samples are easy to obtain, but such research is out of touch with the actual situation in China. Research oriented to the domestic third-party markets fits the actual domestic situation, but because the privacy protocol is missing from the web page, it has to use the privacy protocol inside the application as analysis material, which is difficult to obtain. As a result, many studies of the domestic third-party markets capture in-app privacy protocols manually. Therefore, this paper designs and implements a system that automatically extracts the privacy protocol from within the application and analyzes how well the application's privacy behavior matches its privacy protocol. The main achievements of this paper are as follows:

(1) Based on the features of the privacy protocol page in the application, an automatic privacy protocol extraction scheme based on an Activity tree was designed. The scheme generates an Activity tree through static analysis of the calling relationships between classes in the smali code, and writes an automated test script that follows a level-by-level (hierarchical) traversal strategy over the tree, so that the in-app privacy protocol is extracted automatically.

(2) For the case where a single Activity has multiple pages, an automated test scheme that builds its traversal model on application pages was designed. Compared with the previous method of building a traversal model based on Activity components, this scheme refines the basis of modeling and builds the traversal model from the UI control tree of the current page, which copes better with multi-page Activities. The scheme is also combined with Hook technology based on the Xposed framework, so that the application's privacy behavior can be recorded automatically.

(3) A method is proposed to automatically compare and analyze privacy behavior and the privacy protocol through an API-keyword mapping list. The extracted privacy protocol text is used to train a word2vec model, and the trained word vector model is used to compute semantic similarity between words, which allows a large number of keywords associated with private information to be extracted quickly. Selected sensitive APIs are then mapped to their corresponding keywords to form the API-keyword mapping list. Through this list, privacy behavior can be converted into keywords that can be compared with the privacy protocol.

(4) The design of the whole system is implemented, and each module is functionally tested. In a batch sample experiment, the system achieved a high extraction success rate of 86.4% for in-app privacy protocols. The automatic comparison of privacy behavior and privacy protocol can also effectively assist research on related subjects.
Keywords/Search Tags:Android, privacy protocol, automated testing, static analysis, dynamic analysis
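
Contribution (1) above derives an Activity tree from class references in smali code and walks it level by level. The sketch below is an added illustration, not code from the thesis: it assumes that a transition between Activities appears as a type reference in the calling Activity's smali body (for example `const-class` for an explicit Intent), and every `Lapp/...` class and every function name in it is constructed.

```python
import re
from collections import deque

ACTIVITY_BASE = "Landroid/app/Activity;"
TYPE_REF = re.compile(r"L[\w/$]+;")  # smali type descriptor

def parse(smali_files):
    """Map each class to (superclass, classes referenced in its body)."""
    info = {}
    for text in smali_files:
        cls = re.search(r"^\.class .*?(L[\w/$]+;)", text, re.M).group(1)
        sup = re.search(r"^\.super (L[\w/$]+;)", text, re.M).group(1)
        body = text.split(sup, 1)[1]  # skip the .class/.super header
        info[cls] = (sup, list(dict.fromkeys(TYPE_REF.findall(body))))
    return info

def activities(info):
    """Classes extending Activity directly or via another app class."""
    acts = set()
    while True:
        new = {c for c, (s, _) in info.items() if s == ACTIVITY_BASE or s in acts}
        if new == acts:
            return acts
        acts = new

def activity_tree(info, root):
    """Level-order walk; first discovery sets the parent, which cuts cycles."""
    acts, parent, levels = activities(info), {root: None}, {0: [root]}
    queue = deque([(root, 0)])
    while queue:
        cls, depth = queue.popleft()
        for ref in info[cls][1]:
            if ref in acts and ref not in parent:
                parent[ref] = cls
                levels.setdefault(depth + 1, []).append(ref)
                queue.append((ref, depth + 1))
    return parent, levels

SAMPLE = [  # constructed smali excerpts, not taken from the thesis
    ".class public Lapp/Main;\n.super Landroid/app/Activity;\n"
    "const-class v1, Lapp/Settings;\nconst-class v1, Lapp/Login;\n",
    ".class public Lapp/Settings;\n.super Lapp/Base;\n"
    "const-class v1, Lapp/About;\nnew-instance v0, Landroid/content/Intent;\n",
    ".class public abstract Lapp/Base;\n.super Landroid/app/Activity;\n",
    ".class public Lapp/Login;\n.super Landroid/app/Activity;\n"
    "const-class v1, Lapp/Privacy;\nconst-class v1, Lapp/Main;\n",
    ".class public Lapp/About;\n.super Landroid/app/Activity;\nconst-class v1, Lapp/Privacy;\n",
    ".class public Lapp/Privacy;\n.super Landroid/app/Activity;\n",
]
```

Calling `activity_tree(parse(SAMPLE), "Lapp/Main;")` returns the parent links and the per-depth Activity lists; following `parent` back from `Lapp/Privacy;` gives the sequence of pages a test script would open to reach it.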