摘要
Android系统的开放性和Android应用商城缺乏有效的安全核查工具,导致以获取用户隐私信息为目的的程序不断涌现。该文聚焦于国内Android应用商城中程序隐私泄露问题,结合Android系统的权限机制,采用程序静态分析技术获取程序中疑似泄露路径,然后采用动态验证技术进行隐私泄露行为的确认。该文分析和研究了国内7个最具代表性的应用商城的330个热门程序,发现有58%的程序在用户隐私泄露方面存在问题。
Most mobile devices are now based on the Android operating system platform with almost all applications(called apps) downloaded from a few centralized software distribution sites,called marketplaces.However,the lack of effective security vetting mechanisms as well as the Android openness means that the marketplaces may unintentionally be hosting many apps developed by third parties who intend to manipulate and collect user privacy data for a variety of purposes.This paper reports an empirical study of the privacy leakage problem for about 330 of the most popular apps from seven representative Android marketplaces in China.A two-step process was used to minimize false alarms with each app initially examined by a static analysis tool and,if this examination reported suspicious code segments,the app was then tracked dynamically within a controlled run-time environment to identify the actual privacy leakage.The evaluation results show that more than 58% of the apps lead privacy data without user consent.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2012年第10期1420-1426,共7页
Journal of Tsinghua University(Science and Technology)
基金
教育部-英特尔信息技术专项科研基金资助项目(MOE-INTEL-2012-02)
上海市科学技术委员会科研计划资助项目(11511504404)
