Research On Android Application Compliance Detection Methods

Posted on: 2024-08-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Shi
Full Text: PDF
GTID: 2568307079976589
Subject: Electronic information

Abstract/Summary:
In recent years, the market share of the Android system has been far ahead, and functional mobile applications have become an integral part of people's daily life, but non-standard applications also pose a great threat to users' privacy. At present, most research on Android application compliance focuses on two aspects: detection of illegal permission requests and functional description compliance detection. Accurately identifying the permission set used by the application and the declared permission set implied in the functional description is very important for detecting application compliance.

In constructing the used permission set of the application, existing purely static analysis methods are affected by obfuscation techniques, so the obtained used permission set is smaller than the actual one, which leads to a high false negative rate in illegal permission-request detection. In identifying the declared permission sets implied in functional descriptions, traditional functional description identification models perform poorly in feature extraction, and the identified declared permission set is smaller than the actual one, resulting in a high false positive rate in functional description compliance detection.

To solve the above problems, this thesis researches Android application compliance detection methods to protect user privacy and standardize application behavior. The main work of the thesis includes:

(1) To address false negatives in illegal permission-request detection, this thesis overcomes the impact of code obfuscation techniques by blending dynamic and static analysis to construct a more accurate set of used permissions. Following the new behavior introduced in Android 6.0, where dangerous permissions must be requested dynamically, we redefine the criterion for an illegal permission request: the actual used permission set of the application is denoted A, and the maximum frequent dangerous permission set of the category to which the application belongs is denoted B. If A − B ≠ ∅, the application has an illegal permission request.

(2) To address false positives in functional description compliance detection, this thesis uses the BERT model to embed the functional description text, which handles words with multiple meanings, and then uses a DSE network to extract semantic features from the output layer of BERT to improve the accuracy of identifying the declared permission sets implied in functional descriptions. Finally, the declared permission set is compared with the used permission set to check whether the functional description is compliant.

(3) Based on the above two pieces of work, an Android application compliance detection system is designed and implemented. The system evaluates and analyzes an application from two perspectives: whether there is an illegal permission request and whether the functional description is compliant. Functional testing and performance testing show that the system correctly implements application compliance detection.

The experimental results show that the ROC-AUC and PR-AUC values of the attention-based permission recognition model proposed in this thesis reach 0.9813 and 0.7003 respectively, which are 1.38% and 16.88% higher than the baseline model FCDP respectively, and that the model reduces the false positive rate of functional description compliance detection. Case analysis of the applications 'Mps Juice' and 'Un Dos Tres' verifies that the new criterion for illegal permission-request determination has practical significance and that blending dynamic and static analysis reduces the false negative rate of illegal permission-request detection.
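The illegal permission-request criterion from item (1), as an added Python example that is not taken from the thesis: A is the union of statically extracted and dynamically observed dangerous permissions, and A − B lists the violations. The abstract does not say how B is mined, so the largest itemset meeting a 60% support threshold is an assumption here, as are the function names and all app data.

```python
from itertools import combinations

# Subset of Android dangerous (runtime) permissions, enough for the sample.
DANGEROUS = {"CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "READ_SMS",
             "ACCESS_FINE_LOCATION", "READ_PHONE_STATE",
             "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}

def used_permissions(static_perms, dynamic_perms):
    """A: static findings merged with permissions seen at run time,
    restricted to dangerous permissions."""
    return (set(static_perms) | set(dynamic_perms)) & DANGEROUS

def max_frequent_set(category_apps, min_support=0.6):
    """B (assumed definition): the largest dangerous-permission itemset
    used by at least min_support of the apps in the category."""
    rows = [set(p) & DANGEROUS for p in category_apps]
    items = sorted(set().union(*rows))
    for size in range(len(items), 0, -1):      # largest itemsets first
        best = None
        for combo in combinations(items, size):
            support = sum(set(combo) <= r for r in rows) / len(rows)
            if support >= min_support and (best is None or support > best[0]):
                best = (support, set(combo))
        if best:
            return best[1]
    return set()

def illegal_requests(a, b):
    """Permissions in A - B; a non-empty result flags the app."""
    return sorted(a - b)

# Constructed sample: five peer apps from one hypothetical category.
CATEGORY_PEERS = [
    {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "INTERNET"},
    {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "RECORD_AUDIO"},
    {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE"},
    {"READ_EXTERNAL_STORAGE", "RECORD_AUDIO"},
    {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE"},
]
# Constructed target app: obfuscation hides two uses from static analysis.
STATIC_FOUND = {"READ_EXTERNAL_STORAGE", "INTERNET"}
DYNAMIC_SEEN = {"READ_CONTACTS", "WRITE_EXTERNAL_STORAGE"}

if __name__ == "__main__":
    b = max_frequent_set(CATEGORY_PEERS)
    print("static only:", illegal_requests(used_permissions(STATIC_FOUND, []), b))
    print("blended:    ", illegal_requests(used_permissions(STATIC_FOUND, DYNAMIC_SEEN), b))
```

With static findings alone the difference is empty, which is the false negative the abstract attributes to obfuscation; adding the dynamically observed permissions surfaces the out-of-category request.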
Keywords/Search Tags:DSE, Illegal Permission-request, Dynamic Analysis, Functional Description, Text Classification, Compliance