
Research On Static Detection Method Of Android Security Information Flow Based On Taint Analysis

Posted on: 2022-02-20 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Du | Full Text: PDF
GTID: 2518306554950439 | Subject: Computer system architecture
Abstract/Summary:
Because Android programs are released without sufficient security certification, using Android applications may carry information security risks such as data leakage and misuse of private data. Detecting security information flows in Android applications is therefore important for protecting personal privacy, personal information and the safety of property. Static taint analysis is one of the important technologies for detecting security information flows in Android applications. However, because it fails to solve the challenging problems of Inter-Component Communication, reflection and implicit information flow, it suffers from a high false alarm rate and low analysis efficiency in use. Aiming at the problems of inter-component communication and of the dissemination and leakage of private information between components in Android applications, this paper proposes a static secure information flow detection method based on taint analysis, which detects and forecasts insecure information flows within and among components in Android programs and protects sensitive data from being leaked. The main research contents are as follows:

(1) The analysis efficiency of FlowDroid, the current main analysis tool, is improved by optimizing and transforming it. Based on an analysis of FlowDroid's underlying source code, the tool is optimized and modified in two respects. First, the search for components in the entry point module is modified so that only the dynamically registered components and callback functions of a single component are collected each time, which avoids repeated generation of the DummyMain function and effectively reduces analysis time and memory consumption. Second, the set of data flow facts in the IFDS algorithm, the core algorithm of FlowDroid, is replaced with a smaller equivalent set, which reduces the calculation of invalid paths and thereby shortens the time spent in the taint analysis module.

(2) An inter-component communication graph is constructed based on static string analysis technology. First, test cases were designed to test the current main string analysis technologies and related tools and to evaluate their string parsing capabilities. On this basis, the IC3 tool was selected as the static string analysis technology; the possible values of the propagated Intent attributes are used to establish the possible communication relationships among components, an ICC matching algorithm was designed, and the inter-component communication relationship graph (ICCG) is generated.

(3) An inter-component taint analysis method for Android applications based on FlowDroid and the ICCG is proposed. First, FlowDroid is used to detect the information flows that may exist within a component; then, based on the generated ICCG, information flows across multiple components are detected and private data leakage is analyzed. The test results show that, compared with inspection tools of the same type, the accuracy of this method is increased by 9% and the recall rate is increased by 11%.
Keywords/Search Tags: Android Application, Taint Analysis, Static Analysis, Inter-Component Communication, String Analysis
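The two-stage idea in items (2) and (3), sketched as an added example that is not code from the thesis, FlowDroid or IC3: Intents recovered by string analysis are matched against intent filters to form an ICCG, then per-component flow summaries are joined along its edges. The matching rule is a simplified assumption (Android's action and category tests only), and every component, action and summary value is constructed for illustration.

```python
from collections import namedtuple
# Intent as recovered by static string analysis: explicit target, or action + categories.
Intent = namedtuple("Intent", "sender target action categories")
Filter = namedtuple("Filter", "actions categories")   # one <intent-filter> entry

def matches(intent, component, filters):
    """Simplified (assumed) rule: name match if explicit, else action + category test."""
    if intent.target is not None:
        return intent.target == component
    return any(intent.action in f.actions and set(intent.categories) <= f.categories
               for f in filters)

def build_iccg(intents, manifest):
    """ICCG as a map: intent index -> components that may receive it."""
    return {i: [c for c, fs in manifest.items() if matches(it, c, fs)]
            for i, it in enumerate(intents)}

def cross_component_leaks(intents, manifest, src_to_intent, intent_to_sink, forwards):
    """Join per-component summaries along ICCG edges. src_to_intent: intent -> source it
    carries; intent_to_sink: component -> sink; forwards: component -> relayed intents."""
    iccg, leaks = build_iccg(intents, manifest), []
    for start, source in src_to_intent.items():
        stack, seen = [(start, [intents[start].sender])], set()
        while stack:
            idx, path = stack.pop()
            if idx in seen:          # relay cycles must not loop forever
                continue
            seen.add(idx)
            for recv in iccg[idx]:
                if recv in intent_to_sink:
                    leaks.append((source, path + [recv], intent_to_sink[recv]))
                stack.extend((n, path + [recv]) for n in forwards.get(recv, []))
    return sorted(leaks)

# Constructed sample app (all names hypothetical).
DEFAULT = "android.intent.category.DEFAULT"
MANIFEST = {
    "RelayActivity": [Filter({"com.example.RELAY"}, {DEFAULT})],
    "UploadService": [Filter({"com.example.UPLOAD"}, {DEFAULT})],
    "LogReceiver": [Filter({"com.example.LOG"}, set())],
}
INTENTS = [
    Intent("MainActivity", None, "com.example.RELAY", (DEFAULT,)),   # implicit
    Intent("RelayActivity", "UploadService", None, ()),              # explicit
    Intent("MainActivity", None, "com.example.LOG", ("android.intent.category.BROWSABLE",)),
]
SRC_TO_INTENT = {0: "getDeviceId", 2: "getDeviceId"}
INTENT_TO_SINK = {"UploadService": "HttpURLConnection", "LogReceiver": "Log.d"}
FORWARDS = {"RelayActivity": [1]}
```

Calling `cross_component_leaks(INTENTS, MANIFEST, SRC_TO_INTENT, INTENT_TO_SINK, FORWARDS)` reports one path, MainActivity to RelayActivity to UploadService; the third Intent yields no edge because its category is absent from the LogReceiver filter, so no flow to `Log.d` is reported.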