The Study Of Analysis Methodology For Android Applications’ Security

In recent years, with the rapid development of mobile computing platform, Android has accounted for the most share of the worldwide smartphone market. Though mobile platform carry more users’ private information than those in traditional PC platform, Android keeps quite open on account of some commercial strategy. As a result, mass vulnerabilities involved in the Android alternative applications could threaten the security of the launched device or user’s data. Therefore, Android applications’ security analysis has become a hot field in academic research.This paper finds that Android application analysis usually looks at permissions, code, and runtime behavior based on classifying and summarizing previous works. The disadvantage of permission analysis is the coarse granularity. The problem of static analysis is the false positive caused by some execution logics. Dynamic analysis often introduces much performance overhead. Besides, traditional dynamic analysis method such as TaintDroid is required to work in a custom sandbox so that it has limitation in compatibility and robustness.Consequently, this paper presents AppInsight, a novel dynamic analysis framework that trace Java methods included APIs of target application to help analysts having insight into the applications’ runtime features. App Insight uses dynamic instrumentation technique instead of static one to make the system more compatible. It also combines with static code analysis to decrease performance overhead yet avoids the false positive introduced by independent static analysis. In addition, AppInsight extends the existing method tracing and profiling functionality of Android SDK by omitting Android framework internal method calls to enhance the output’s readability and decrease performance overhead further. This paper implements the protype of App Insight and evaluates the system with a case study and some real applications to prove the effectiveness and compatibility of the framework. The results show that the static false positive rate, dynamic tracing success rate, feedback rate and performance overhead decrease compared with SDK tracer are 12.8%, 100%, 83.1% and 39.4% respectively.