An Automatic Detection Method for Privacy Leakage Across Application Components

Li Zhen; Tang Zhanyong; Li Zhengqiao; Wang Hai; Gong Xiaoqing; Chen Feng; Chen Xiaojiang; Fang Dingyi

doi:10.7544/issn1000-1239.2019.20180548

Journal of Computer Research and Development > 2019 > 56(6): 1252-1262. > DOI: 10.7544/issn1000-1239.2019.20180548 CSTR: 32373.14.issn1000-1239.2019.20180548

Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang, Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components[J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262. DOI: 10.7544/issn1000-1239.2019.20180548

Citation:

PDF (1170 KB)

An Automatic Detection Method for Privacy Leakage Across Application Components

¹(School of Computer Science and Technology, Northwest University, Xi’an 710075)
²(Shaanxi International Joint Research Centre for the Battery-free Internet of Things, Xi’an 710075)

Funds: This work was supported by the National Natural Science Foundation of China (61672427), the International Cooperation Program of Shaanxi Province (2017KW-008), the International Cooperation Program of Shaanxi Province(2019KW-009), the Key R&D Project of Shaanxi Province (2017GY-191), and the Innovation Research Team of Shaanxi Province (2018SD0011).

More Information

Published Date: May 31, 2019

Graphical Abstract

Abstract

Abstract

In recent years, Android operating system has developed rapidly. A large number of mobile users use Android smart devices as tools for personal communication and work. The privacy information of Android mobile users has become one of the main targets of black industry practitioners. Existing privacy detection research mainly focuses on addressing privacy leakage risk within Android applications, including the detection of privacy leakage within program components, the detection of privacy leakage between components, and the detection of ICC vulnerability. Actually, the behavior of sharing users’ privacy through collaboration among application components is widespread, which causes a large number of users’ privacy information to be leaked. How to effectively detect and prevent privacy leakage between application components is an urgent problem. However, the number of components in Android applications is huge and there are plenty of components unrelated to privacy leaks between applications. Therefore, how to detect possible privacy leaks between applications meets a serious challenge. Aiming at this problem, this paper presents a method to construct a component sequence with potential privacy leaks, and the method uses data flow analysis technology to realize a detection system for privacy leakage between application components, named PLDetect. PLDetect solves the problem of incomplete coverage of code and lagging detection results in the existing technology. Finally, based on the privacy leak path, PLDetect utilizes an encryption-based privacy leak protection method to encrypt privacy information, ensuring that information is effectively prevented from being maliciously transmitted without affecting application runtime performance. The final experiment shows that PLDetect detects 5 groups of applications with privacy leaks across application components in 81 applications and effectively blocks privacy data leaks.
- Android security,
- privacy leakage,
- static analysis,
- data-flow analysis,
- taint analysis

FullText(HTML)

References (0)

[1]	Sun Chang’ai, Wang Zhen, Pan Lin. Optimized Mutation Testing Techniques for WS-BPEL Programs[J]. Journal of Computer Research and Development, 2019, 56(4): 895-905. DOI: 10.7544/issn1000-1239.2019.20180037
[2]	Guo Xi, Wang Pan. Variable Dependent Relation Analysis in Program State Condition Merging[J]. Journal of Computer Research and Development, 2018, 55(10): 2331-2342. DOI: 10.7544/issn1000-1239.2018.20170545
[3]	Wu Lei, Zhang Wensheng, Wang Jue. Hidden Topic Variable Graphical Model Based on Deep Learning Framework[J]. Journal of Computer Research and Development, 2015, 52(1): 191-199. DOI: 10.7544/issn1000-1239.2015.20131113
[4]	Zhang Zhuhong, Tao Juan. Micro-Immune Optimization Approach Solving Nonlinear Interval Number Programming[J]. Journal of Computer Research and Development, 2014, 51(12): 2633-2643. DOI: 10.7544/issn1000-1239.2014.20131091
[5]	Sun Zhizhuo, Zhang Quanxin, Li Yuanzhang, Tan Yu'an, Liu Jingyu, Ma Zhongmei. Write Optimization for RAID5 in Sequential Data Storage[J]. Journal of Computer Research and Development, 2013, 50(8): 1604-1612.
[6]	Fan Tiehu, Qin Guihe, Zhao Qi. Uniform Design and Reconstructive BLX-α Based Scatter Search for Continuous Optimization Problem[J]. Journal of Computer Research and Development, 2011, 48(6): 1049-1058.
[7]	Ma Hongtu, Hu Shi'an, Su Yanbing, Li Xun, Zhao Rongcai. A Multi-Variable -Function Placement Algorithm Based on Dominator Frontier Inverse[J]. Journal of Computer Research and Development, 2011, 48(2): 346-352.
[8]	Wang Bin. A Discrete Particle Swarm Optimization-based Algorithm for Polygonal Approximation of Digital Curves[J]. Journal of Computer Research and Development, 2010, 47(11): 1886-1892.
[9]	Ye Xiaoping. Model and Algebra of Object-Relation Bitemporal Data Based on Temporal Variables[J]. Journal of Computer Research and Development, 2007, 44(11): 1971-1979.
[10]	Dong Hongbin, Huang Houkuan, He Jun, Hou Wei. An Evolutionary Programming to Solve Constrained Optimization Problems[J]. Journal of Computer Research and Development, 2006, 43(5): 841-850.

Cited By

Cited by

Periodical cited type(6)

1.	桂易琪，王鹏程，王威，李鹏海，张乐君. 基于联邦学习与DQN的缓存策略. 扬州大学学报(自然科学版). 2025(02): 45-53 .
2.	彭牧尧，魏建军，王乾舟，王琨. 基于最大最小蚂蚁系统的容迟网络缓存机制. 无线电通信技术. 2023(06): 1095-1103 .
3.	刘涛. 基于机会网络节点定位算法的优化设计. 白城师范学院学报. 2021(02): 38-42 .
4.	刘慧，钱育蓉，张振宇，杨文忠. 机会网络中基于陌生节点的竞争转发策略. 计算机工程与设计. 2021(10): 2710-2717 .
5.	龙浩，张书奎，张力. 一种车载机会网络文件调度与数据传输算法. 计算机应用与软件. 2020(04): 82-88 .
6.	葛宇，梁静. 基于相遇概率时效性和重复扩散感知的机会网络消息转发算法. 计算机应用. 2020(05): 1397-1402 .