| In recent years, with the rapid growth of smartphones all over the world, the Android operating system has become increasingly popular with consumers. According to an IDC report, smartphone sales in China reached 390 million in 2015, of which Android OS accounted for 82.8%. Meanwhile, more and more applications are being developed on the Android platform. Based on data from Google Play, the number of applications in Google Play had reached 1.43 million by 2014, exceeding the Apple App Store for the first time. As people's lives become more closely tied to applications, users' private data might be leaked by those applications. As a result, whether applications can protect personal data has become an increasingly important issue. Android OS has many built-in security mechanisms to protect user data, from the application layer to the kernel layer, such as the sandbox, permission management, application signatures, device encryption and MAC. However, these mechanisms still cannot resist attacks that exploit vulnerabilities in the system and in applications. In this paper, we first describe in detail the whole life cycle of data assets on an Android device, covering the whole process of user data from generation, transfer and storage to deletion. Then we analyze the present situation of user data leaks on the Android platform, and provide a privacy disclosure assessment criterion based on file storage directories and security state machines. We also propose a user data privacy protection framework, X-Prdap (Xposed-based-PRotecting-DAta-Privacy), which keeps Android applications from leaking private data while they are running. This framework mainly uses taint tracking, operating system hooking, and cryptographic techniques. It aims to protect the entire life cycle of Android application data through strategy pre-generation, real-time monitoring and security reinforcement. Experiments demonstrate that the framework is effective against data leaks in Android software. |