{"title":"LeakMiner:通过静态污点分析检测Android上的信息泄漏","authors":"Zhemin Yang, Min Yang","doi":"10.1109/WCSE.2012.26","DOIUrl":null,"url":null,"abstract":"With the growing popularity of Android platform, Android application market becomes a major distribution center where Android users download apps. Unlike most of the PC apps, Android apps manipulates personal information such as contract and SMS messages, and leakage of such information may cause great loss to the Android users. Thus, detecting information leakage on Android is in urgent need. However, till now, there is still no complete vetting process applied to Android markets. State-of-the-art approaches for detecting Android information leakage apply dynamic analysis on user site, thus they introduce large runtime overhead to the Android apps. This paper proposes a new approach called Leak Miner, which detects leakage of sensitive information on Android with static taint analysis. Unlike dynamic approaches, Leak Miner analyzes Android apps on market site. Thus, it does not introduce runtime overhead to normal execution of target apps. Besides, Leak Miner can detect information leakage before apps are distributed to users, so malicious apps can be removed from market before users download them. Our evaluation result shows that Leak Miner can detect 145 true information leakages inside a 1750 app set.","PeriodicalId":244586,"journal":{"name":"2012 Third World Congress on Software Engineering","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"190","resultStr":"{\"title\":\"LeakMiner: Detect Information Leakage on Android with Static Taint Analysis\",\"authors\":\"Zhemin Yang, Min Yang\",\"doi\":\"10.1109/WCSE.2012.26\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the growing popularity of Android platform, Android application market becomes a major distribution center where Android users download apps. Unlike most of the PC apps, Android apps manipulates personal information such as contract and SMS messages, and leakage of such information may cause great loss to the Android users. Thus, detecting information leakage on Android is in urgent need. However, till now, there is still no complete vetting process applied to Android markets. State-of-the-art approaches for detecting Android information leakage apply dynamic analysis on user site, thus they introduce large runtime overhead to the Android apps. This paper proposes a new approach called Leak Miner, which detects leakage of sensitive information on Android with static taint analysis. Unlike dynamic approaches, Leak Miner analyzes Android apps on market site. Thus, it does not introduce runtime overhead to normal execution of target apps. Besides, Leak Miner can detect information leakage before apps are distributed to users, so malicious apps can be removed from market before users download them. Our evaluation result shows that Leak Miner can detect 145 true information leakages inside a 1750 app set.\",\"PeriodicalId\":244586,\"journal\":{\"name\":\"2012 Third World Congress on Software Engineering\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"190\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Third World Congress on Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WCSE.2012.26\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Third World Congress on Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WCSE.2012.26","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
LeakMiner: Detect Information Leakage on Android with Static Taint Analysis
With the growing popularity of Android platform, Android application market becomes a major distribution center where Android users download apps. Unlike most of the PC apps, Android apps manipulates personal information such as contract and SMS messages, and leakage of such information may cause great loss to the Android users. Thus, detecting information leakage on Android is in urgent need. However, till now, there is still no complete vetting process applied to Android markets. State-of-the-art approaches for detecting Android information leakage apply dynamic analysis on user site, thus they introduce large runtime overhead to the Android apps. This paper proposes a new approach called Leak Miner, which detects leakage of sensitive information on Android with static taint analysis. Unlike dynamic approaches, Leak Miner analyzes Android apps on market site. Thus, it does not introduce runtime overhead to normal execution of target apps. Besides, Leak Miner can detect information leakage before apps are distributed to users, so malicious apps can be removed from market before users download them. Our evaluation result shows that Leak Miner can detect 145 true information leakages inside a 1750 app set.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
