In recent years, with the popularity of smartphones, tablet PCs and other mobile devices, operating systems for mobile devices have also developed rapidly. Compared with other operating systems, Android has developed the most rapidly. Android applications have become integrated into our lives: people can use mobile applications for entertainment (playing games, listening to music, watching videos), and can also use the mobile phone for learning, office work, online shopping, online payment and so on. Some app developers earn money by adding advertisement plug-ins to free apps. But defects in the Android permission management mechanism lead to new security issues once third-party ad libraries are added to applications. An ad library can inherit the sensitive permissions of the host application or can apply for new sensitive permissions through the host application. After that, the ad library can perform malicious behaviors, such as leaking the user’s privacy, stealing traffic, sending short messages, making telephone calls and other behaviors that cause economic losses.

In this paper, we improved the static algorithm in PEDAL for detecting app ad plug-ins based on feature behaviors, and modified some of the design of the feature behaviors. We extract these behavior features from each folder of an app after decompiling it, and then judge whether a folder contains an ad library. Experiments show that efficiency is improved by more than 90% compared with PEDAL. Our algorithm can not only identify known ad libraries in an application, but can also find unknown ad libraries. The algorithm is also resistant to obfuscation.

In this paper, we present two kinds of security mechanisms for applications that contain ad plug-ins:

(1) The removal mechanism of ad plug-ins. In order to eliminate the hidden security risks of an app to which third-party advertisement libraries have been added, we studied how ad plug-ins are implanted and executed, and found that the ad libraries are associated with the host application and run when the host application calls them. In this paper, we designed and implemented experiments to eliminate the host application’s calls to the advertisement libraries, after which we could remove the ad libraries without affecting the function of the application.

(2) The permission control mechanism of ad plug-ins. Through analysis of the existing permission mechanism, we found that permissions can be controlled by controlling the functions related to sensitive resources. This method not only needs to modify the existing Android system, but can also control sensitive resources flexibly. In this paper, we designed experiments that select 8 functions of 4 kinds of sensitive resources, and completed the protection of sensitive resources without affecting the function of the host application or the display of the advertisement plug-in.

Overall, the main contributions of this paper are as follows:

(1) We improved the static algorithm in PEDAL for detecting app ad plug-ins based on feature behaviors, and modified some of the designs of the feature behaviors. As a result, the running efficiency of this algorithm increased by more than 90%. We found that 23.1% of applications in the China app market have embedded ad plug-ins. Compared with the known ad plug-in identification tools, the algorithm we improved has a high accuracy.

(2) On the basis of ad plug-in identification, this paper designed and implemented the removal mechanism of ad plug-ins. It can remove the ad libraries without affecting the function of the application.

(3) At the same time, this paper improved the mechanism of permission control in PEDAL by modifying the parameters or return values of sensitive APIs in ad libraries, which can protect users’ privacy and ensure the safe running of the system.