Research On Privacy Leakage Detection Technology For Android Applications

While Android mobile devices bring convenience to users’ lives,they also cause immeasurable losses to users because of the existence of a large number of applications that leak user privacy.At present,the research on privacy leakage detection of Android platform is mainly based on static analysis,which is relatively mature academically.However,there are still many problems in the application of privacy leakage detection tools based on static analysis in the actual environment.Both theoretical and experimental aspects of the traditional static detection tool Flow Droid are studied in the thesis,and two problems are found.Firstly,the blind pursuit of wide-range analysis brings a lot of redundant detection,which leads to long detection time and large memory consumption? Secondly,the accuracy of detection results is affected by the lack of targeted detection.To solve these problems,the thesis analyzes that different classes of Android applications have different sensitive characteristics,and the sensitivity of the same sensitive call to different classes of applications is different,on this basis,a privacy leak detection framework based on Android application classification is proposed,which retains the advantages of traditional privacy leak detection such as high coverage of detection paths,high degree of automation,etc.In addition,redundant detection is greatly reduced,memory consumption is reduced,and the pertinence and efficiency of detection are improved.The main work of this thesis is as follows:1.Thesis designs and implements a feature permission extraction method based on chi-square verification,which can extract sensitive feature privilege sets quickly and accurately for all kinds of Android applications,it lays the foundation for subsequent privacy leakage detection to reduce redundancy.2.Thesis designs and implements the Android application classification method based on ensemble learning.The feature selection based on TF-IDF algorithm ensures the representativeness of the classification feature.The SVM,KNN,decision tree and Naive Bayes algorithm are selected as the base classifier.The module can classify Android applications accurately.The experimental results show that the accuracy of the module is82.88%,which lays the foundation for subsequent targeted privacy leakage detection.3.Thesis focuses on control flow analysis and data-flow analysis techniques.The main task of the control flow analysis is to construct a global control flow diagram for Android applications.The Data-flow analysis are divided into forward Data-flow analysis and backward Data-flow analysis,this lays the foundation for a complete privacy leak path.4.Finally,based on the improved scheme,the thesis designs and implements a privacy leak detection framework,Cls Droid,which is based on the classification of Android applications.Finally,this paper designs and implements a privacy leakage detection framework called Cls Droid based on the improvement plan.The experiment shows that compared with Flow Droid,Cls Droid improves the average detection speed by 56.6% and reduces the average memory consumption by 60.2%.This proves the availabil of Cls Droid in practical Android application privacy leakage detection scenarios.