| With the growing market share of Android, the number of applications on the Android platform is also increasing. Because the Android system is open source and Android application stores lack an effective review mechanism, Android applications face significant security risks. Among these, users' privacy-sensitive data has become a more valuable target of attack. It is therefore particularly important to detect whether an Android application carries a risk of sensitive data leakage. To that end, this paper designs a static taint tracking program to perform this detection. Taint tracking analyses an Android application in order to present potentially malicious data flows to analysts. The taint tracking program designed in this paper contains a decompile module and an information flow analysis module. The decompile module decompiles the Android APK to obtain the corresponding smali files. The information flow analysis module is the core of the program. It first sets the Sources and Sinks and then begins analysing the propagation of tainted data. During information flow analysis, it mainly uses static analysis techniques based on the smali files, combined with the call relationships between functions provided by Androguard, to trace the propagation path of tainted data within a function and between functions, and then determines whether sensitive data leakage is present in the application. Based on the taint tracking program, this paper implements an automated sensitive data leakage detection system for Android applications. The detection system can automatically analyse an APK and detect sensitive data leakage paths. The detection system is then used to test different APK programs, and its performance is analysed by observing the test results. Finally, in light of the shortcomings of the detection system, we put forward some suggestions for improvement. |
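
The Source/Sink step and the in-function propagation described above can be sketched as follows. This is an added example, not the paper's program: it tracks taint through registers in a single smali method body only, without Androguard's inter-function call relationships. The Source and Sink lists, the `find_leaks` name and the smali sample are assumptions constructed for illustration, and `/range` invoke forms are not handled.

```python
import re

# Assumed Source/Sink signatures for illustration; a real tool uses a far larger list.
SOURCES = {"Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;"}
SINKS = {"Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I"}

INVOKE = re.compile(r"^invoke-(\w+) \{([^}]*)\}, (\S+)$")
MOVE_RESULT = re.compile(r"^move-result(?:-object|-wide)? (\w+)$")
MOVE = re.compile(r"^move(?:-object|-wide)?(?:/\w+)? (\w+), (\w+)$")
OVERWRITE = re.compile(r"^(?:const\S*|new-instance) (\w+),")

# Constructed smali method body (not taken from a real APK).
SAMPLE = """\
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
move-result-object v1
new-instance v2, Ljava/lang/StringBuilder;
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
invoke-virtual {v2, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v4
const-string v5, "TAG"
invoke-static {v5, v4}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
const-string v4, "done"
invoke-static {v5, v4}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
"""

def find_leaks(smali_body):
    tainted, pending, leaks = set(), False, []
    for n, raw in enumerate(smali_body.splitlines(), 1):
        line = raw.strip()
        if m := INVOKE.match(line):
            kind, regs, target = m.groups()
            args = [a.strip() for a in regs.split(",") if a.strip()]
            hit = [a for a in args if a in tainted]
            if target in SINKS and hit:
                leaks.append((n, target.split("(")[0], hit))
            # The return value is tainted if this is a Source or any argument is tainted.
            pending = target in SOURCES or bool(hit)
            if hit and kind != "static":
                tainted.add(args[0])  # conservative: receiver absorbs taint (e.g. append)
        elif m := MOVE_RESULT.match(line):
            (tainted.add if pending else tainted.discard)(m.group(1))
            pending = False
        elif m := MOVE.match(line):
            dst, src = m.groups()
            (tainted.add if src in tainted else tainted.discard)(dst)
        elif m := OVERWRITE.match(line):
            tainted.discard(m.group(1))  # a constant or fresh object clears the taint
    return leaks
```

On the sample, the first `Log.d` call is reported because `v4` carries the device ID, while the second is not, since `v4` has been overwritten with a constant by then.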