| With the advent of the big data era, more and more personalized recommendation services are emerging in people’s daily lives. For users, the Internet brings convenience to their lives. However, the information disclosure problem of mobile devices is becoming more and more serious. Users of mobile devices reveal information about their lives, preferences and identities to others without their control or knowledge. “Without the user’s control” refers to the fact that many current applications use a kidnap clause: when opening these applications, users must accept the privacy policy set by the application, otherwise they cannot use the application normally. “Without the user’s knowledge” means that the application stores the user’s information or transmits it to the server over the network without the user’s consent. Current privacy disclosure detection schemes for Android applications focus more on determining whether private and sensitive data is transmitted from Android phones, and most of them cannot estimate whether that data is necessary for the application’s function. Therefore, we propose a novel detection scheme and design an Android application privacy disclosure diagnosis system, Prdid (Privacy-Disclosure-Diagnosis). The main contents of this paper are as follows: 1. File storage, network transmission, interprocess communication between applications, and application interface display are referred to as the four communication channels in this paper. We implement different data acquisition schemes according to the characteristics of the application’s communication channels and permissions. Among these, the network data acquisition scheme is real-time and comprehensive, which helps to solve the problems of incomplete results and low automation in current network data acquisition schemes on the Android platform. 2. Based on the analysis of application communication, we propose a novel privacy disclosure detection scheme. The detection scheme takes the text displayed on the application interface as the standard for judging the rationality of privacy-sensitive data transmitted in the other communication channels. This detection scheme can effectively reduce the probability of false positives in the detection results. 3. We propose an Android application privacy disclosure diagnosis system called Prdid. The Prdid system consists of a dynamic detection framework and a static analysis framework, each composed of multi-layer modules. The dynamic detection framework is mainly implemented in an Android security container, based on the privacy disclosure detection scheme mentioned above. We classify the types of privacy disclosure in detail, so the Prdid system can diagnose the specific type of privacy disclosure that an application is involved in. |
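
A minimal sketch of the idea in point 2, added here as an illustration and not taken from Prdid or the paper: sensitive values captured on the network, file and interprocess channels are flagged when they never appear in the text shown on the interface. The regular expressions, the exact-match rule, the function names and the sample captures are all assumptions.

```python
import re

# Assumed patterns for privacy-sensitive values; the abstract does not list Prdid's.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "imei": re.compile(r"\b\d{15}\b"),
    "location": re.compile(r"-?\d{1,3}\.\d{4,},\s*-?\d{1,3}\.\d{4,}"),
    "phone": re.compile(r"\b1\d{10}\b"),
}

# Constructed sample captures (not real application data).
UI_TEXT = "Signed in as alice@example.com. Weather for 39.9042,116.4074"
CHANNELS = {
    "network": "POST /sync email=alice@example.com&imei=356938035643809&loc=39.9042,116.4074",
    "file": "cache.xml: phone=13800138000",
    "ipc": "intent extra: account=alice@example.com",
}

def extract(text):
    """Return the set of (kind, value) pairs of sensitive values found in text."""
    found = set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            found.add((kind, re.sub(r"\s+", "", match.group())))
    return found

def diagnose(ui_text, channels):
    """Flag sensitive values seen on a channel but never shown on the interface."""
    shown = extract(ui_text)
    findings = []
    for channel, captured in channels.items():
        for kind, value in sorted(extract(captured) - shown):
            findings.append((channel, kind, value))
    return findings

if __name__ == "__main__":
    for channel, kind, value in diagnose(UI_TEXT, CHANNELS):
        print(f"{channel}: {kind} {value} is not displayed to the user")
```

In this sample the e-mail address and coordinates are treated as justified because the interface displays them, while the IMEI sent over the network and the phone number written to a file are reported.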