Detecting Privacy Leaks Through Existing Android Frameworks

Information Sciences Project Topics

Get the Complete Project Materials Now! ยป

The Android application ecosystem has thrived, with hundreds of thousands of applicationsrn(apps) available to users; however, not all of them are safe or privacy-friendly.rnAnalyzing these many apps for malicious behaviors is an important but challengingrnarea of research as malicious apps tend to use prevalent stealth techniques, e.g.,rnencryption, code transformation, and other obfuscation approaches to bypass detection.rnAcademic researchers and security companies have realized that the traditionalrnsignature-based and static analysis methods are inadequate to deal with this evolvingrnthreat. In recent years, a number of static and dynamic code analysis proposals forrnanalyzing Android apps have been introduced in academia and in the commercialrnworld. Moreover, as a single detection approach may be ineffective against advancedrnobfuscation techniques, multiple frameworks for privacy leakage detection have beenrnshown to yield better results when used in conjunction.rnIn this dissertation, our contribution is two-fold. First, we organize 32 of thernmost recent and promising privacy-oriented proposals on Android apps analysis intorntwo categories: static and dynamic analysis. For each category, we survey the stateof-rnthe-art proposals and provide a high-level overview of the methodology they relyrnon to detect privacy-sensitive leakages and app behaviors. Second, we choose onernpopular proposal from each category to analyze and detect leakages in 5,000 Androidrnapps. Our toolchain setup consists of IntelliDroid (static) to find and triggerrnsensitive API (Application Program Interface) calls in target apps and leveragesrnrnTaintDroid (dynamic) to detect leakages in these apps. We found that about 33%rnof the tested apps leak privacy-sensitive information over the network (e.g., IMEI,rnlocation, UDID), which is consistent with existing work. Furthermore, we highlightrnthe efficiency of combining IntelliDroid and TaintDroid in comparison with AndroidrnMonkey and TaintDroid as used in most prior work. We report an overall increase inrnthe frequency of leakage of identifiers. This increase may indicate that IntelliDroid isrna better approach over Android Monkey.

Get Full Work

Report copyright infringement or plagiarism

Be the First to Share On Social



1GB data
1GB data

RELATED TOPICS

1GB data
1GB data
Detecting Privacy Leaks Through Existing Android Frameworks

134