Permission Analysis Based Detection Method for Android Malicious Application of Privacy Leakage

: Nowadays, leakage of Android private information security is protected by application audit mechanism in formal application store and the Android mobile security mechanism. But because of insufficient of these two security, mechanism leakage of privacy incidents happened frequently. In this paper, we get the sensitive resources permission mapping table and sends the data permission mapping table according to the relationship between resources and permission and characteristics of sensitive resources. The judging rules and the detection process for the malicious application of privacy leakage are developed from these two mapping tables. Finally, 884application samples are tested and the experiment result demonstrates the advantages and disadvantages of the method.


Introduction
The Android phone has become one of the most popular smartphones and many applications are widely used in the meanwhile.The statistics of the IDC shows that, the google application store has published more than 120 million Android applications.Nowadays, many cell phone manufacturers, such as Huawei, Xiaomi and Samsung, are still work on the development of the Android phone.The Symantec regard those applications that haven't been authenticated by the formal manufacturer as the "gray applications" [1] , which have occupied one third of the whole application market.In consequence, there contains great potential dangerous in these gray applications.
At the same time, there are many loophole the legality of the certification application in formal application stores.For example, the google application store only verify whether the identity of the registrant is legal to make sure the legality of the applications, but the subsequent applications from the verified registrant would not be verified again.
Though the sandbox technology and the authorization mechanism are adopted to guarantee the reliability of the kernel, many process communicating with each other will make the private date leak.In today, a malicious attacker could locate the position of the user through the location function in the application, look over the private content in the message, or eavesdrop on conversations to steal and leak privacy data of the users.They make Android information security problems become more severe.In this paper, three works are investigated mainly as follows: (1) According to the relationship between resources and authority and the characteristics of sensitive resources summed up the sensitive resources -permission mapping table and sending-data resources -permission mapping table.
(2) Based on the two mapping tables, inducing three rules and testing procedures.
(3) We tested 884 samples of applications in the domestic third-party Android application market, and analyze the effectiveness and shortcomings of the method based on experimental results.

The ways of checking the applications reveal privacy data
This section is divided into three parts, the first part describes the institution of resource permission mapping table.The second part describes the rules for checking the applications reveal privacy data.The third part introduces the process of checking the applications reveal privacy data.

Resource Permission Mapping Table.
The institution of resource permission mapping table is divided into four steps: (1) Summarizing sensitive resources.Sensitive resources are resources that can store and transfer the privacy data or the valuable one [7,8] .According to the characteristic of privacy data in Android, there are eight resources including messages, contacts, call records, SD card, GPS locator, Bluetooth, camera and microphone (2) Summarizing outbound data resources.By viewing the instructions in the Android Developers website, you will be able to summarize the resources including the call, message, net-access, E-mail, Bluetooth when the application sends outbound data.
(3) Summarizing the characteristics of the relationship between resources and permission According to the description on the permission in the Android Developers, the relationship between resources and permissions have the following three characteristics:  The name of the permission contains the name of the resource with which the permission control  If the permission was registered, the program can only access a resource that is fixed in the phone. Several different permissions can be individually access to the same resource.
(4) Getting sensitive resources -permission mapping table, as shown in Table 1 and sending data resources -permission mapping table, as shown in Table 2. First, the resource names of the first and second steps are used as the first column of two tables.Then referring to the relationship between resources and permissions, we manually search on all the resources and add to two tables.

Rules for checking the applications reveal privacy data.
Based on the two mapping tables obtained in the previous section, the rules for determining privacy data is developed: Rule1: the permissions in Manifest.XML corresponding to sensitive data -permissions mapping table, the application can steal the privacy data in the phone.
Rule2: the permissions in Manifest.XML corresponding to send data -permissions mapping table, the application can send data out.
Rule3: When and only when the two rules to meet, the event that the application can reveal the privacy of mobile phones is determined.

The process of checking the application reveal privacy data.
To detect whether the application can reveal privacy data, this section has developed a specific testing process, that can be divided into the following three steps:  Finding the resources that the application can access.First, exporting the permissions registration information in the Manifest.XML [2,3,6] as shown in Figure 1 and saving.
 Matching the permission information in the first step with the sensitive-permission table.According to the rule1, if match is successful, the conclusion that the application can obtain the privacy data is determined, followed by the third step.If not, the process stops.
 Matching the permissions one-by-one between the permission in the first step with outgoing data-permission table.According to rule 2, if match is successful, the conclusion that the application can send data outwards is determined, finally drawing that the application will lead to the disclosure of the privacy data.

Experiment and result analysis
To test the advantages and disadvantages of the detection method of the application of data privacy leak formulated by this paper.This section has carried on the test, and analyze the test results.

Exper
We test social, new data.And 2

Exper
We con process at analyze the

The tes accessing s divide thes
In 519 a using GPS photograph number of Figure 2 The Zhou [4] , co behavior a M [5]  an discover hang N [9]

Table 1 .
Sensitive resource privilege mapping table