ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2019, Vol. 56 ›› Issue (6): 1252-1262.doi: 10.7544/issn1000-1239.2019.20180548

Previous Articles     Next Articles

An Automatic Detection Method for Privacy Leakage Across Application Components

Li Zhen1,2, Tang Zhanyong1,2, Li Zhengqiao1,2, Wang Hai1, Gong Xiaoqing1, Chen Feng1, Chen Xiaojiang1,2, Fang Dingyi1,2   

  1. 1(School of Computer Science and Technology, Northwest University, Xi’an 710075);2(Shaanxi International Joint Research Centre for the Battery-free Internet of Things, Xi’an 710075)
  • Online:2019-06-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61672427), the International Cooperation Program of Shaanxi Province (2017KW-008), the International Cooperation Program of Shaanxi Province(2019KW-009), the Key R&D Project of Shaanxi Province (2017GY-191), and the Innovation Research Team of Shaanxi Province (2018SD0011).

Abstract: In recent years, Android operating system has developed rapidly. A large number of mobile users use Android smart devices as tools for personal communication and work. The privacy information of Android mobile users has become one of the main targets of black industry practitioners. Existing privacy detection research mainly focuses on addressing privacy leakage risk within Android applications, including the detection of privacy leakage within program components, the detection of privacy leakage between components, and the detection of ICC vulnerability. Actually, the behavior of sharing users’ privacy through collaboration among application components is widespread, which causes a large number of users’ privacy information to be leaked. How to effectively detect and prevent privacy leakage between application components is an urgent problem. However, the number of components in Android applications is huge and there are plenty of components unrelated to privacy leaks between applications. Therefore, how to detect possible privacy leaks between applications meets a serious challenge. Aiming at this problem, this paper presents a method to construct a component sequence with potential privacy leaks, and the method uses data flow analysis technology to realize a detection system for privacy leakage between application components, named PLDetect. PLDetect solves the problem of incomplete coverage of code and lagging detection results in the existing technology. Finally, based on the privacy leak path, PLDetect utilizes an encryption-based privacy leak protection method to encrypt privacy information, ensuring that information is effectively prevented from being maliciously transmitted without affecting application runtime performance. The final experiment shows that PLDetect detects 5 groups of applications with privacy leaks across application components in 81 applications and effectively blocks privacy data leaks.

Key words: Android security, privacy leakage, static analysis, data-flow analysis, taint analysis

CLC Number: