An Automatic Detection Method for Privacy Leakage Across Application Components

Li Zhen; Tang Zhanyong; Li Zhengqiao; Wang Hai; Gong Xiaoqing; Chen Feng; Chen Xiaojiang; Fang Dingyi

doi:10.7544/issn1000-1239.2019.20180548

Journal of Computer Research and Development > 2019 > 56(6): 1252-1262. > DOI: 10.7544/issn1000-1239.2019.20180548 CSTR: 32373.14.issn1000-1239.2019.20180548

Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang, Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components[J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262. DOI: 10.7544/issn1000-1239.2019.20180548

Citation:

PDF (1170 KB)

An Automatic Detection Method for Privacy Leakage Across Application Components

¹(School of Computer Science and Technology, Northwest University, Xi’an 710075)
²(Shaanxi International Joint Research Centre for the Battery-free Internet of Things, Xi’an 710075)

Funds: This work was supported by the National Natural Science Foundation of China (61672427), the International Cooperation Program of Shaanxi Province (2017KW-008), the International Cooperation Program of Shaanxi Province(2019KW-009), the Key R&D Project of Shaanxi Province (2017GY-191), and the Innovation Research Team of Shaanxi Province (2018SD0011).

More Information

Published Date: May 31, 2019

Graphical Abstract

Abstract

Abstract

In recent years, Android operating system has developed rapidly. A large number of mobile users use Android smart devices as tools for personal communication and work. The privacy information of Android mobile users has become one of the main targets of black industry practitioners. Existing privacy detection research mainly focuses on addressing privacy leakage risk within Android applications, including the detection of privacy leakage within program components, the detection of privacy leakage between components, and the detection of ICC vulnerability. Actually, the behavior of sharing users’ privacy through collaboration among application components is widespread, which causes a large number of users’ privacy information to be leaked. How to effectively detect and prevent privacy leakage between application components is an urgent problem. However, the number of components in Android applications is huge and there are plenty of components unrelated to privacy leaks between applications. Therefore, how to detect possible privacy leaks between applications meets a serious challenge. Aiming at this problem, this paper presents a method to construct a component sequence with potential privacy leaks, and the method uses data flow analysis technology to realize a detection system for privacy leakage between application components, named PLDetect. PLDetect solves the problem of incomplete coverage of code and lagging detection results in the existing technology. Finally, based on the privacy leak path, PLDetect utilizes an encryption-based privacy leak protection method to encrypt privacy information, ensuring that information is effectively prevented from being maliciously transmitted without affecting application runtime performance. The final experiment shows that PLDetect detects 5 groups of applications with privacy leaks across application components in 81 applications and effectively blocks privacy data leaks.
- Android security,
- privacy leakage,
- static analysis,
- data-flow analysis,
- taint analysis

FullText(HTML)

References (0)

[1]	Zhou Quan, Chen Minhui, Wei Kaijun, Zheng Yulong. Traceable Attribute-Based Signature for SM9-Based Support Policy Hidden[J]. Journal of Computer Research and Development, 2025, 62(4): 1065-1074. DOI: 10.7544/issn1000-1239.202330744
[2]	Liu Yongzhi, Qin Guiyun, Liu Pengtao, Hu Chengyu, Guo Shanqing. Provably Secure Public Key Authenticated Encryption with Keyword Search Based on SGX[J]. Journal of Computer Research and Development, 2023, 60(12): 2709-2724. DOI: 10.7544/issn1000-1239.202220478
[3]	An Haoyang, He Debiao, Bao Zijian, Peng Cong, Luo Min. Ring Signature Based on the SM9 Digital Signature And Its Application in Blockchain Privacy Protection[J]. Journal of Computer Research and Development, 2023, 60(11): 2545-2554. DOI: 10.7544/issn1000-1239.202330265
[4]	Li Jiguo, Zhu Liufu, Liu Chengdong, Lu Yang, Han Jinguang, Wang Huaqun, Zhang Yichen. Provably Secure Traceable Attribute-Based Sanitizable Signature Scheme in the Standard Model[J]. Journal of Computer Research and Development, 2021, 58(10): 2253-2264. DOI: 10.7544/issn1000-1239.2021.20210669
[5]	Fu Wei, Wu Xiaoping, Ye Qing, Xiao Nong, Lu Xicheng. A Multiple Replica Possession Proving Scheme Based on Public Key Partition[J]. Journal of Computer Research and Development, 2015, 52(7): 1672-1681. DOI: 10.7544/issn1000-1239.2015.20140353
[6]	Ma Chunguang, Wang Jiuru, Wu Peng, Zhang Hua. M-IBE Based Key Management Protocol for Heterogeneous Sensor Networks[J]. Journal of Computer Research and Development, 2013, 50(10): 2109-2116.
[7]	Long Yu, Xu Xian, Chen Kefei. Two Identity Based Threshold Cryptosystem with Reduced Trust in PKG[J]. Journal of Computer Research and Development, 2012, 49(5): 932-938.
[8]	Ren Yongjun, Wang Jiandong, Xu Dazhuan, Zhuang Yi, Wang Jian. Key Agreement Protocol for Wireless Sensor Networks Using Self-Certified Public Key System[J]. Journal of Computer Research and Development, 2012, 49(2): 304-311.
[9]	Chen Shaozhen, Wang Wenqiang, Peng Shujuan. Efficient AttributeBased Ring Signature Schemes[J]. Journal of Computer Research and Development, 2010, 47(12).
[10]	Chen Huiyan, Wang Lianqiang, Lü Shuwang. A Study of Key Problems of HFE Cryptosystem[J]. Journal of Computer Research and Development, 2007, 44(7): 1205-1210.