Computer Science ›› 2017, Vol. 44 ›› Issue (10): 127-133.doi: 10.11896/j.issn.1002-137X.2017.10.025

Previous Articles     Next Articles

Analysis and Comparison of Privacy Leak Static Detection Tools for Android Applications

YAN Ji-wei, LI Ming-su, LU Qiong, YAN Jun and GAO Hong-yu   

  • Online:2018-12-01 Published:2018-12-01

Abstract: In recent years,the problems of privacy leak in Android applications attract more and more attention.The maliciously access of private information will increase the risk of users’ privacy leak.To solve this problem,researchers have proposed many privacy-leak detection tools that have differences in emphasis point and performance.In order to facilitate the understanding and using for researchers,this paper analyzed and compared nine kinds of privacy leak static detection tools for Android apps.We summarized the detection targets,methods,types of error detection and their efficiency.We also designed and conducted experiments for two open source tools,FlowDroid and IccTA,to test their perfor-mance and detecting ability.For the 50 downloaded apps,FlowDroid successfully detected 9 apps possessing privacy leak and IccTA detected 7 apps possessing ICC leak.For the 12 self-designed test cases,FlowDroid and IccTA can successfully detect all privacy leaks.

Key words: Android application,Privacy leak,Static detection

[1] 刘涛.基于过程间分析的Android程序隐私泄漏检测的研究[D].上海:上海交通大学,2014.
[2] CAI S M.Research on Program slicing technology and its application[J].Software Guide,2010,9(11):44-46.(in Chinese) 蔡素梅.程序切片技术及其应用的研究[J].软件导刊,2010,9(11):44-46.
[3] KIM J,YOON Y,YI K,et al.ScanDal:Static analyzer for detecting privacy leaks in Android applications.http://lim.univ-reunion.fr/staff/epayet/teaching/securite/scandel.pdf.
[4] YANG Z,YANG M.LeakMiner:Detect information leakage on Android with static taint analysis[C]∥Software Engineering (WCSE).IEEE,2012:101-104.
[5] GILBER C,CRUSSELL J,ERICKSON J.AndroidLeaks:automatically detecting potential privacy leaks in Aandroid applications on a large scale[M].Springer Berlin Heidelberg,2012:291-307.
[6] YANG Z,YANG M,ZHANG Y.Appintent:Analyzing sensitive data transmission in Android for privacy leakage detection[C]∥Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.ACM,2013:1043-1054.
[7] ARZT S,RASTHOFER S,FRITZ C.FlowDroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps[J].ACM SIGPLAN Notices,2014,49(6):259-269.
[8] LAM P,BODDEN E,LHOTK O.The Soot framework for Java program analysis:a retrospective[C]∥Cetus Users and Compiler Infastructure Workshop (CETUS).2012.
[9] LI L,BARTEL A,BISSYAND T F.IccTA:Detecting inter-component privacy leaks in Android apps[C]∥Proceedings of the 37th International Conference on Software Engineering.IEEE,2015:280-291.
[10] LI L,BARTEL A,KLEIN J,et al.Automatically Exploiting Potential Component Leaks in Android Applications[C]∥2014 IEEE 13th International Conference on Trust,Security and Privacy in Computing and Communications.IEEE,2014.
[11] SCHUTTE J,TITZE D,DE FUENTES J M.AppCaulk:Dataleak prevention by injecting targeted taint tracking into Android apps[C]∥Trust,Security and Privacy in Computing and Communications (TrustCom).IEEE,2014:370-379.
[12] YANG W,XIAO X,ANDOWS B.AppContext:Differentiating malicious and benign mobile app behaviors using context[C]∥Software Engineering (ICSE).IEEE,2015:303-313.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!