Making Android Apps Data-Leak-Safe by Data Flow Analysis and Code Injection
2016 IEEE 25th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)(2016)
摘要
Some support is needed in order to shun the possibility that sensitive data handled by applications are sent to improper destinations. Although apps running on Android OS declare the accessed services, once the user accepts, the application receives complete permissions and may use sensitive data improperly. Some tools have emerged to check data access and flow, however such tools are either based on static analysis or dynamic tracking. The former brings no overhead at run-time, but is less precise, the latter can bring a costly overhead during execution, having to monitor any access to sensitive data and all destinations. Our approach is innovative in that it takes advantage of static analysis and then monitors at run-time only data paths that potentially give sensitive data out. The correspondent tool is tailored to Android environment, tool-chain, libraries, and typical requirements that applications have to satisfy.
更多查看译文
关键词
Privacy,data flow analysis,bytecode change
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络