
Detection Of Permission Abuse Behaviors For Android Applications

Posted on: 2022-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: Q C Li
GTID: 2518306740495184
Subject: Computer technology

Abstract/Summary:
In recent years, Android has been the dominant mobile operating system. However, investigations have found that the Android permission mechanism does not fully protect users: applications use permissions beyond their scope, and they frequently use permissions beyond what their functions require. Regulatory authorities have issued a number of management regulations in response, but enforcing them requires technical support, so research on detecting permission abuse in Android applications is needed in order to monitor app behavior and protect user privacy. Based on a survey of existing Android permission abuse detection methods, this thesis designs a permission abuse detection scheme based on privacy policy analysis and dynamic detection of permission use. The scheme identifies the application's declared permission set, obtains its requested permission set and used permission set, and detects abnormalities in how the application uses permissions. The main work of this thesis is as follows:

(1) This thesis proposes an overall solution for three kinds of permission abuse behavior addressed by the regulations: "Whether the privacy policy is prompted for the first opening", "Whether the information collected is related to the business function", and "Whether the frequency of information collection exceeds functional requirements". The solution takes the application's APK file as input, detects the privacy policy and recognizes the permissions, captures and analyzes the application's behavior, and finally outputs the detection results for these three behaviors.

(2) Because a general-purpose corpus is not sensitive to domain-specific text, an annotated privacy policy corpus was established. The corpus was used to train word vectors for the privacy policy domain, and two permission analysis models were constructed: pp-ftext, based on the domain word vectors, and a BERT-based model. These models identify the set of declared permissions described in the privacy policy. The requested permission set of the application is obtained through static detection and compared with the declared permission set to detect whether the application has requested an undeclared permission.

(3) To address the incomplete information available to static permission analysis, the permission-API mapping is improved, and a method for dynamically monitoring application permissions based on the Xposed framework is proposed. The used permission set of the application is obtained from the permission usage data and compared with the declared permission set to detect whether the application uses undeclared permissions. This completes the detection of whether the information collected by the application is related to its business function.

(4) By analyzing the application's permission usage log file, the usage frequency of the application's 9 permission groups is obtained, and key information is extracted to characterize how the application uses permissions. On the view that the frequency with which an application uses permissions is related to its functions, the application's operating status information is taken into account, multi-dimensional features are mined from the permission usage frequency time series, and the isolation forest algorithm is used to detect anomalies in permission usage frequency among applications of the same category.

The experimental results show that 31% of 1000 applications did not pop up a prompt to read the privacy policy when they were run for the first time. Among them, the privacy policies of 694 applications described the information collected by the app, and permission recognition for these apps achieved a precision of 91.6% and an F1 value of 92.2%. The solution can detect applications that request undeclared permissions and applications that use undeclared permissions. In addition, 11.1% of shopping applications use permissions more frequently than their functions require.
Keywords/Search Tags:permission abuse, privacy policy, domain word vector, Bert model, anomaly detection