Owing to the openness of Android, malware has proliferated and poses a major security threat to Android-based smartphones. This paper proposes a mechanism for studying sensitive data leakage by analyzing sensitive APIs: it decompiles an Android APK to obtain smali files and defines a library of sensitive APIs related to user privacy. It then analyzes potential threats by detecting sensitive APIs in the source code and determines whether sensitive data leakage occurs. We analyzed 20 applications with the help of the mechanism, and the paper presents one analysis process in detail.
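The detection step this abstract describes, sketched as an added example (not the paper's code): scan smali text for `invoke-*` instructions and match the called method against a sensitive API table. The table entries, the function names, the sample smali, and the rule "a method that calls both a data source and an outbound sink is a potential leak" are assumptions made here; the abstract does not give the paper's own list or decision rule.

```python
import re

# Assumed sensitive API library: an illustrative subset, not the paper's own list.
SOURCES = {
    "Landroid/telephony/TelephonyManager;->getDeviceId": "device id",
    "Landroid/location/LocationManager;->getLastKnownLocation": "location",
}
SINKS = {
    "Landroid/telephony/SmsManager;->sendTextMessage": "sms",
    "Ljava/net/URL;->openConnection": "network",
}
METHOD = re.compile(r"^\s*\.method\s+(?:[\w-]+\s+)*([^\s(]+)\(")
INVOKE = re.compile(r"^\s*invoke-[\w/]+\s+\{[^}]*\},\s*(L[^;]+;->[^(\s]+)\(")

def scan_smali(text):
    """Map each method name to the sensitive sources and sinks it invokes."""
    hits, current = {}, None
    for line in text.splitlines():
        if (m := METHOD.match(line)):
            current = m.group(1)
        elif line.strip() == ".end method":
            current = None
        elif current and (m := INVOKE.match(line)):
            for table, kind in ((SOURCES, "sources"), (SINKS, "sinks")):
                if m.group(1) in table:
                    entry = hits.setdefault(current, {"sources": [], "sinks": []})
                    entry[kind].append(table[m.group(1)])
    return hits

def potential_leaks(hits):
    """Coarse heuristic: methods that read private data and also call a sink."""
    return sorted(n for n, h in hits.items() if h["sources"] and h["sinks"])

# Constructed smali sample (not taken from any real application).
SAMPLE = """\
.method public report(Landroid/telephony/TelephonyManager;)V
    invoke-virtual {p1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    invoke-static {}, Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager;
    move-result-object v1
    invoke-virtual/range {v1 .. v6}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.end method
.method private where(Landroid/location/LocationManager;)V
    invoke-virtual {p1, v0}, Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location;
.end method
"""

if __name__ == "__main__":
    found = scan_smali(SAMPLE)
    print(found, potential_leaks(found))
```

Co-occurrence within one method is only a triage signal: it does not show that the value read actually reaches the sink, which requires data-flow analysis.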
As downloads of applications on the Android platform increase, more and more malicious code is injected into those applications, causing problems such as economic loss and privacy issues. Because Android has the highest market share among smartphone operating systems, the security of the Android platform is extremely important, and the security testing and evaluation of applications is therefore imperative. Dynamic taint propagation is the most common testing method, but it has two problems: a) if a custom ROM runs on the smartphone, the running speed of the ROM is limited by the smartphone's battery life and computing power; b) if the program runs in an emulator on a PC, efficiency is very poor because the triggering actions must be performed manually at run time. The paper presents an automated testing method implemented in an emulator. In addition, the system records the tree structure of Activities and the control distribution of each Activity. The test results show that the system can trigger all the controls and that, compared with manual testing, the method is more effective and more complete.