Abstract: Android applications that have access to crucial system resources arc the targets of attackers. An application applies the access rights when it is installed, and users always ignore that. This paper proposes a new method to detect overprivilege in compiled Android applications,which leverages dataflow analysis to get the parameters of an API call. A static detection tool "Brox" is implemented based on this method. And 13rox is tested using multiply Android applica- lions. The test results on the accuracy and performance are quite encouraging.

Key words: Android, Permission, Randoop, Dataflow analysis