AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale

Authors: Clint Gibler, Jonathan Crussell, Jeremy Erickson, Hao Chen

DOI: 10.1007/978-3-642-30921-2_17

Abstract: As mobile devices become more widespread and powerful, they store more sensitive data, which includes not only users' personal information but also the data collected via sensors throughout the day. When mobile applications have access to this growing amount of sensitive information, they may leak it carelessly or maliciously. Google's Android operating system provides a permissions-based security model that restricts an application's access to the user's private data. Each application statically declares the sensitive data and functionality that it requires in a manifest, which is presented to the user upon installation. However, it is not clear to the user how sensitive data is used once the application is installed. To combat this problem, we present AndroidLeaks, a static analysis framework for automatically finding potential leaks of sensitive information in Android applications on a massive scale. AndroidLeaks drastically reduces the number of applications and the number of traces that a security auditor has to verify manually. We evaluate the efficacy of AndroidLeaks on 24,350 Android applications from several Android markets. AndroidLeaks found 57,299 potential privacy leaks in 7,414 Android applications, out of which we have manually verified that 2,342 applications leak private data including phone information, GPS location, WiFi data, and audio recorded with the microphone. AndroidLeaks examined these applications in 30 hours, which indicates that it is capable of scaling to the increasingly large set of available applications.
