Research On Android Application Privacy Security Based On Multi Features

In the past ten years,the popularity of smart phones has greatly promoted the development of mobile applications.According to the data of MIIT,Until September 2020,there are 940 million mobile Internet users in China,1.43 billion active devices per month,and 3.57 million mobile applications in the domestic market.Mobile applications have become an indispensable role in people's daily lives.Many users store large amounts of sensitive personal privacy data on their mobile devices,and these data are at risk of malicious disclosure,which has become a major threat to the entire mobile application ecosystem.This article conducts research on user privacy security of Android applications.At present,the research work on Android application privacy and security mainly has two methods based on text and program code,but these two research methods have their own problems.The text-based method generally only analyzes the description of the App,and extracts the functional information of the application from the App's description to infer the reasonable set of permissions.However,because the description of the application cannot fully explain the functional characteristics of the application,as a result,the reasonable permissions of the application may be judged as over-declared permissions.However,the method based on application code does not take into account the functional features hidden in the text of the application,and the program behavior of maliciously leaking user privacy for apps is different with different functions,resulting in that the detection results of this method are often not accurate enough.Regardless of the text of the application or the program code,it actually reflects the privacy and security information of the application to a certain extent.This article aims to study how to analyze the multi-dimensional information of Android applications and extract effective features from it,so as to more accurately assess the privacy and security risks of the application.The research of this article mainly includes the following three aspects:(1)Data collection and preprocessingBecause the research of this article needs to analyze the text and program data flow of the application.However,most of the existing researches only conduct user privacy and security research on a single feature,and the collected data sets cannot meet the needs of this article.Therefore,it is necessary to collect experiment-related application data.This article collected the description text and APK installation files of 1668 benign apps and 783 malicious apps through the crawler.The interface text and privacy permission information of the App were extracted from the APK files through decode and static code analysis,and finally the collected text information A certain amount of pretreatment was carried out.(2)Text-based privacy permissions security detectionExisting research methods for detecting excessive application permissions(over-declared permissions)of applications are mainly to analyze the application description text.Since the description of the application cannot fully explain the functional characteristics of the application,it may misjudge the reasonable permissions of the application.In response to this problem,this article uses the LDA topic model to extract the functional features of the application,adds UI element context information,uses the Apriori algorithm to find the mapping between interface keywords and privacy permissions,and combines the description and The information of the interface analyzes the reasonable permission set of the application,and reduces the misjudgment of the over-declared permissions based on the single App's description.(3)Privacy security detection based on multi-dimensional featuresThe analysis method based on the text of the application can only get whether an application has the risk of over-declared permissions,and cannot judge whether the application has malicious behavior that leaks the user's privacy.Existing methods based on program data flow analysis have achieved good results in the detection of privacy leakage malicious behaviors.However,the single analysis of the program data flow does not take into account the functional features hidden in the text of the application,and these detection methods use a single machine learning model for malicious detection,so the detection results are often not accurate enough.Based on the data flow characteristics of the static code analysis program,this paper uses the CCA canonical correlation analysis algorithm to integrate the text characteristics of the application,and for the first time applies the idea of integrated learning to the detection of malicious behaviors that reveal user privacy,using Stacking algorithm combines multiple machine learning classification models to analyze the fusion features of text and data flows,and improves the accuracy of Android application privacy security detection.