earticle

영어

Android smart phones often carry personal sensitive information, which makes Android a tempting target for malwares. Recent studies have showed that Android applications frequently are over privileged and the risk of personal privacy leakage is very high. With known Android statics security analysis techniques in literatures, due to lack of considering the control flow between components, the static analysis of sensitive data transmission paths often costs a larger computation overheads, static analysis methods have to make a trade-off between computing time and the precision of analysis results. In this work, we propose a static analysis framework to discovery the sensitive data propagation paths and extract execution conditions (including data inputs and events inputs) of these paths. Our approach first extract a asynchronously executing events sequence graph that directly handles inter-components control flows, it then can be used to archive higher efficient taint analysis when the data propagation path asynchronously cross the boundaries of multiply components. The represented analysis results (data and events inputs) will make the analyst easier to determine if the sensitive data transmission is really a privacy leakage. We present an evaluation with a typical Android malicious app. The result of case study shows that our scheme can effectively help discover the privacy leakage behaviors in the malicious apps.