Research On Privacy Data Protection With Taint Analysis And Plug-in Framework

The security of Android system has always been a high concern in the field of mobile security,especially the protection of privacy data has become the focus and hotspot of security research.There are a few known Android privacy schemes.This paper found that the existing system layer protection scheme needs to modify the system source code,which does not have good portability and is not easy to promote.The existing application layer protection schemes need to obtain root permission.However,in today’s mobile phones,it is very difficult to obtain root permission.In order to improve this situation,this paper studies a lightweight application layer privacy protection scheme.The following is the work content of this paper.1.The specific repair strategies are proposed to repair the privacy leakage vulnerabilities in the plug-in framework.This paper studies the underlying principle of the existing plug-in framework,summarizes the privacy leakage loopholes in the framework,and puts forward repair strategies for these loopholes.This work prevents malware from stealing private data from plug-in applications in the plug-in framework through these vulnerabilities.2.A new static taint analysis tool is designed and implemented to expand the scope of taint analysis.This paper studies the problem of privacy data transmission in three special scenarios,abstracts the characteristics of each scenario,and studies the modification scheme.In this paper,a preprocessing module is designed and implemented.The module modifies Jimple code according to the modification scheme,and static taint analysis can identify three special scenarios in the modified code.This improvement extends the coverage of privacy protection functions.3.A privacy data protection scheme combining static taint analysis and plug-in framework is proposed.This paper studies the process of privacy data leakage in Android system,proposes the method of hook data acquisition and sending data in plug-in framework to obtain stack.After using stack information to restore the process of data transmission,the restored process can be compared with the results of static taint analysis to determine whether it is privacy data leakage.This scheme does not need to modify the system source code,and does not need root authority,with good portability.