Detecting And Hardening Silent Install Behavior On Android System

With the development of Android system,it offers more and more convenience,making this system gaining popularity among smart phones.However,it goes along with a growing number of risks at the same time.According to the Android Annual Security Report,the malicious samples have increased from 3,260 thousand in 2014 to 14,030 thousand in 2016.This kind of applications operate many malicious behaviors,including the silent install.Apps with silent install can install unwanted apps,even backdoors without users' awareness.These installed apps can steal users' private data,monitor users' behavior and so on,posing a security threat to users.Most apps need to request root privilege to complete silent installation.But with the help of accessibility service,apps don't need to ask for root,which contributing to the upsurge of malicious silent install.In summary,this paper focus on two aspects:1.the detection on the silent install malicious behavior;2.the security analysis of android accessibility service.For the first problem,we analyze vast android applications and summarize silent install characteristics from trigger points,execution process to install targets.Based on these characteristics,we develop a static detection tool,which can pick up silent install apps efficiently and accurately.Towards the second one,we notice that this service belongs to the system and thus has more privileges.What's more,app developers can configure this service through system APIs,which are provided after android 4.0.This makes accessibility service more threatening.To solve this problem,we come up with and implement a securer system based on the distributed information flow control to enhance the accessibility service.The main contributions of this paper are divided into three parts:1.This is the first overall work to study android silent install,and we develop a static analysis tool which unshells apps and executes two steps analysis;2.We make an in-depth analysis of android accessibility service security.And we implement an enhanced android system based on the distributed information flow control;3.We prove that our static analysis tool is accurate and our enhanced android system is effective after a lot of experiments.