Android application security analysis based on inter-component communication
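Huang Yanyi (1): born 1994, female, master's student. Main research interests: software security, mobile Internet security.
Guo Yanhui (1): born 1974, female, associate professor and master's supervisor. Main research interest: mobile Internet security.
Li Qi (1): born 1981, female, associate professor. Main research interest: information security.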
1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876
Abstract: In recent years, malicious Android applications have increasingly used other applications, directly or indirectly, to achieve illegal purposes, so security research on Android applications has gradually shifted from single-application analysis to joint analysis of multiple applications. Targeting the inter-component communication behavior that is specific to Android applications, this paper proposes a security analysis method for Android applications based on inter-component communication. First, the declaration and invocation information of the applications is matched, links between components are established based on set constraints, and unreliable links are eliminated with a probability model. Then, the problem of unreachable code is solved by combining a virtual main function with code stuffing, and a complete control flow graph is built to obtain the activation events and environmental factors involved in the linking process. Finally, whether a link leaks private data is judged comprehensively from the sensitive API usage of the association, the objective function, the activation events of the association, and the environmental factors in the association process. A selected sample set of Android applications is analyzed with this method. The results show that the method can accurately extract the association relationships and effectively reduce false positives in privacy leak detection results.