For Libraries For Publication Open Access Downloads About Us Contact Us
Paper Titles
Software Design of Measurement and Control Device for Smart Grid Based on Embedded Operating System
p.2642
A Randomly Permuted Fourier Measurement Matrix for UWB-PPM Signals
p.2646
Countdown Frequency Measurement and its Application in Radar AFC
p.2650
Non-Contact Measurement Device Based on Ultrasonic Technology
p.2654
PDroid: Detecting Privacy Leakage on Android
p.2658
Railway Turnout Fault Diagnosis Based on Support Vector Machine
p.2663
Using Networks to Measure Influence and Impact
p.2668
Vehicle Statistics and Retrograde Detection Based on Characteristic Analysis
p.2672
Rolling Bearing Fault Diagnosis Based on Second Generation Wavelet Denoising and Improved EEMD
p.2677

PDroid: Detecting Privacy Leakage on Android

Article Preview

Abstract:

The prevalence of Android makes it face the severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effective detect the privacy leakages cross multiple method call instances.

You might also be interested in these eBooks
Mechatronics Engineering, Computing and Information Technology View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volumes 556-562)

Pages:

2658-2662

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.556-562.2658

Citation:

Cite this paper

Online since:

May 2014

Authors:

Pu Han Zhang*, Jing Zhe Li, Shuai Shao, Peng Wang

Keywords:

Call Graph, Data Flow Analysis, Privacy Leakage

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

© 2014 Trans Tech Publications Ltd. All Rights Reserved

Share:

Citation:

* - Corresponding Author

References

[1] Enck, William, et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones., OSDI. Vol. 10. (2010).

Google Scholar

[2] Yan, Lok Kwong, and Heng Yin. Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis., Proceedings of the 21st USENIX Security Symposium. (2012).

Google Scholar

[3] Gibler, Clint, et al. AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale., Trust and Trustworthy Computing. Springer, 2012. 291-307.

DOI: 10.1007/978-3-642-30921-2_17

Google Scholar

[4] Whaley, John, and Monica S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams., ACM SIGPLAN Notices. Vol. 39. No. 6. ACM. (2004).

DOI: 10.1145/996893.996859

Google Scholar

[5] Hardekopf, Ben, and Calvin Lin. Flow-sensitive pointer analysis for millions of lines of code., 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization. (2011).

DOI: 10.1109/cgo.2011.5764696

Google Scholar

[6] Tripp, Omer, et al. TAJ: effective taint analysis of web applications., ACM Sigplan Notices. Vol. 44. No. 6. ACM. (2009).

DOI: 10.1145/1543135.1542486

Google Scholar

[7] Livshits, V. Benjamin, and Monica S. Lam. Finding security vulnerabilities in Java applications with static analysis., Proceedings of the 14th conference on USENIX Security Symposium. (2005).

Google Scholar

[8] http: /code. google. com/p/android-apktool.

Google Scholar

[9] http: /source. android. com/devices/tech/dalvik/dex-format. html.

Google Scholar

[10] dex2jar: A tool for converting Android's . dex format to Java's . class format. http: /code. google. com/p/dex2jar.

Google Scholar

[11] Egele, M., Kruegel, C., Kirda, E., and Vigna, G. PiOS: Detecting privacy leaks in iOS applications., NDSS (2011).

Google Scholar

© 2025 Trans Tech Publications Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies. For open access content, terms of the Creative Commons licensing CC-BY are applied.
Scientific.Net is a registered trademark of Trans Tech Publications Ltd.