Research On Android Privacy Leakage Detection Method Based On Static Taint Analysis

Posted on: 2021-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Hu
Full Text: PDF
GTID: 2518306128976629
Subject: Master of Engineering
Abstract/Summary:
With the rapid development of mobile Internet technology, the market share of the Android platform is gradually increasing, and mobile smart devices are gradually entering people's lives. Smartphones, tablets and other mobile terminal devices not only bring convenience to users, but also store a large amount of sensitive information, such as bank accounts and contacts. Because of improper user operations and malware attacks, this sensitive information is extremely easy to leak, which poses a serious threat to users' privacy. At present, researchers mainly use dynamic or static analysis tools that base detection on the permission mechanism of the Android system. However, because permissions are coarse-grained, it is difficult to detect more privacy leakage behaviors, and most existing detection methods do not target the leakage of specific sensitive data, which leads to excessive consumption of computing resources and lowers detection efficiency. Therefore, this paper combines a variety of static analysis techniques and, on the basis of a constructed domestic data set, performs privacy leak detection on the transmission process of sensitive data. The main work is as follows:

(1) Data collection and preprocessing. 1500 applications in 15 categories are collected from major domestic application stores and decompiled to obtain the source code of the programs to be analyzed. By studying the transmission characteristics of private data and analyzing the permission invocations that easily cause data leakage, we define the concept of sensitive permission. In addition, this paper extracts permission, API and Intent features to support comprehensive and targeted data leakage detection.

(2) We propose an Android privacy leakage detection method based on static taint analysis. To address the coarse granularity of permission usage, the APIs corresponding to the sensitive permissions are extracted, and the mapping relationship between sensitive permissions and APIs is constructed. The static taint analysis method is then used to track the transmission of sensitive data flow from the source point of the data flow, and privacy leakage behavior is determined by checking the data aggregation point (the sink). The experimental results show that the accuracy of this method is higher than that of the detection method that uses ordinary permissions as features, and the average detection time is 4.8 s, so the method can be used to detect large-scale applications.

(3) To address the repeated analysis of calls to the same function during taint analysis, an optimization method based on FlowDroid is proposed. The inter-process control flow graph of the application is constructed to obtain a more complete sensitive data transmission path. During this process, sets of frequent function calls are constructed, the functions that are called repeatedly are counted, and their results are returned directly when they are called again, thereby reducing the number of paths that need to be analyzed. Then, on the basis of the complete transmission path obtained, the transmitted information is examined further in order to screen out the parts that actually cause privacy leakage. Experimental results show that, compared with FlowDroid, this method maintains a high detection rate while reducing the computational overhead of the detection process.
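The repeated-call optimization in item (3), sketched as an added example (not the thesis's or FlowDroid's code): a toy taint analysis that computes one summary per function and reuses it at later call sites. The IR, the sample app, the permission-to-API map and the names `analyze` and `summarize` are constructed for illustration, and the call graph is assumed to be non-recursive.

```python
# Added illustration: toy IR and permission->API map are constructed, not from the thesis.
SOURCES = {"getDeviceId": "READ_PHONE_STATE",             # source API -> sensitive permission
           "getLastKnownLocation": "ACCESS_FINE_LOCATION"}
PARAM = "<param>"   # symbolic label: "whatever taints the caller's argument"

APP = {  # constructed sample app; every function takes one parameter named "p"
    "main": [("src", "id", "getDeviceId"), ("src", "loc", "getLastKnownLocation"),
             ("call", "a", "encode", "id"), ("call", "b", "encode", "loc"),
             ("call", "_", "report", "a"), ("call", "_", "report", "b"),
             ("assign", "c", "const"), ("call", "_", "report", "c")],
    "encode": [("assign", "t", "p"), ("ret", "t")],
    "report": [("call", "m", "encode", "p"), ("sink", "sendTextMessage", "m")],
}

def analyze(app, entry="main", use_cache=True):
    """Return (leaks, bodies_analyzed); leaks are (permission, sink API) pairs."""
    cache, counter = {}, [0]

    def summarize(fn):
        if use_cache and fn in cache:          # repeated call: reuse the stored result
            return cache[fn]
        counter[0] += 1
        env, ret, leaks = {"p": {PARAM}}, set(), set()
        for op, *args in app[fn]:
            if op == "src":                    # var = sourceApi()
                env[args[0]] = {SOURCES[args[1]]}
            elif op == "assign":               # dst = src (unknown names are untainted)
                env[args[0]] = set(env.get(args[1], ()))
            elif op == "ret":
                ret |= env.get(args[0], set())
            elif op == "sink":                 # sinkApi(var)
                leaks |= {(lab, args[0]) for lab in env.get(args[1], ())}
            elif op == "call":                 # dst = callee(arg)
                dst, callee, arg = args
                c_ret, c_leaks = summarize(callee)
                actual = env.get(arg, set())
                # Instantiate the callee summary: PARAM becomes the argument's labels.
                subst = lambda labs: {x for l in labs for x in (actual if l == PARAM else {l})}
                env[dst] = subst(c_ret)
                leaks |= {(l, s) for lab, s in c_leaks for l in subst({lab})}
        cache[fn] = (ret, leaks)
        return cache[fn]

    leaks = summarize(entry)[1]
    return sorted(l for l in leaks if l[0] != PARAM), counter[0]
```

On the sample app both modes report the same two permission-to-sink leaks; with the cache three function bodies are analyzed instead of nine.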
Keywords/Search Tags: privacy leakage detection, Android, taint analysis, call graph, inter-process control flow graph