
Research And Implementation Of Android Application Permission Leakage Detection

Posted on: 2020-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: W Jiang
GTID: 2438330623964264
Subject: Software engineering
Abstract/Summary:
In recent years, Android has dominated the mobile platform market. However, surveys show that the Android permission mechanism is not enforced properly, and system permissions are leaked to unprivileged applications. Detecting permission leakage is therefore necessary to protect user privacy and system security. Building on existing approaches, this paper transforms permission leakage into system API leakage, using the mapping between permissions and APIs. On this basis, we study two different types of permission leakage, explicit permission leakage and implicit permission leakage, and propose a different detection approach for each according to its cause and process. The specific work of this paper is as follows:

1. For the explicit permission leakage problem, this paper proposes EPLDetector, an approach based on the call graph. The idea is to detect vulnerabilities in an application by looking for permission leak paths between public interfaces and sensitive APIs, and we propose a comprehensive and detailed public interface identification algorithm. Experiments were conducted on 393 applications from an application market and an open source repository. The experimental results show that about 3.3% of the samples have permission leakage vulnerabilities, and that EPLDetector can detect permission leakage vulnerabilities in the component interface, the data storage interface and the network interface.

2. For the implicit permission leakage problem, this paper proposes an approach called IPLDetector, which detects implicit permission leakages in Android application collections. The idea is to detect the implicit permission leakages in an application collection by obtaining the applications' rising permission set. Experiments were carried out on the built-in applications of mobile phones from four different brands. The experimental results show that IPLDetector can detect implicit permission leakage problems in an application collection, and that implicit permission leakage problems exist in all of these mobile phones.

3. Based on the above research, we design and implement a permission leakage detection system. The system consists of a PC portion and an Android portion, and it can detect explicit permission leakage vulnerabilities in a single application and implicit permission leakage problems in an application collection.
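The call-graph idea in item 1 can be illustrated with a short path search. This is an added example, not EPLDetector or any code from the thesis: the call graph, the entry points, the simplified API-to-permission mapping and the rule "a sensitive API is reachable from a public interface whose caller is not required to hold that API's permission" are all constructed assumptions.

```python
from collections import deque

# Constructed sample data (assumptions, not taken from the thesis).
# Sensitive API -> permission that guards it (simplified mapping).
API_PERMISSION = {
    "SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "LocationManager.getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
}
# Public interface entry -> permission its caller must hold (None = any app may call).
PUBLIC_ENTRIES = {
    "ShareReceiver.onReceive": None,
    "SyncService.onStartCommand": "android.permission.SEND_SMS",
    "LocProvider.query": None,
}
# Call graph: caller -> callees (hypothetical class and method names).
CALL_GRAPH = {
    "ShareReceiver.onReceive": ["MsgHelper.dispatch"],
    "MsgHelper.dispatch": ["MsgHelper.send", "Log.d"],
    "MsgHelper.send": ["SmsManager.sendTextMessage"],
    "SyncService.onStartCommand": ["MsgHelper.send"],
    "LocProvider.query": ["Cache.lookup"],
    "Cache.lookup": ["Cache.lookup"],  # cycle that never reaches a sensitive API
}


def find_leak_paths(call_graph, entries, api_permission):
    """Return (entry, api, permission, path) for each sensitive API reachable
    from a public entry whose caller is not required to hold that permission."""
    findings = []
    for entry, required in entries.items():
        parent = {entry: None}          # doubles as the visited set
        queue = deque([entry])
        while queue:
            node = queue.popleft()
            perm = api_permission.get(node)
            if perm is not None and perm != required:
                path, cur = [], node
                while cur is not None:  # walk parents back to the entry
                    path.append(cur)
                    cur = parent[cur]
                findings.append((entry, node, perm, path[::-1]))
            for callee in call_graph.get(node, []):
                if callee not in parent:
                    parent[callee] = node
                    queue.append(callee)
    return findings


if __name__ == "__main__":
    for entry, api, perm, path in find_leak_paths(CALL_GRAPH, PUBLIC_ENTRIES, API_PERMISSION):
        print(f"{perm} leaked via {entry}: {' -> '.join(path)}")
```

Each finding carries the full call path, which is what a developer needs to decide where to add a permission requirement on the public interface or a caller check before the sensitive call.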
Keywords/Search Tags:permission leakage, public interface, call graph, share permission