基于细粒度污点跟踪策略的Android应用敏感信息泄露检测

针对Android应用存在的敏感信息泄露问题，基于细粒度信息流跟踪策略，利用静态污点跟踪技术设计了一个Android应用敏感信息泄露检测方案.该方案根据Smali代码的语法语义特点、应用内部的函数调用关系及Android通信机制建立了细粒度的污点传播策略，用不同的泄露检测策略和污点传播策略来驱动检测过程，根据跟踪结果确定应用是否存在敏感信息泄露.实验结果表明该方案能够对敏感信息泄露进行有效检测，增加了检测的准确性和灵活性，减少了分析过程中存在的信息流不全面和误报问题.

Sensitive Information Leakage Detection for Android Applications Based on Fine-Grained Taint Tracking Strategies

In response to the sensitive information leakage problem of Android applications, a detection scheme based on fine-grained information flow tracking strategies and static taint tracking technology was proposed. According to the syntax and semantic of Smali code, the internal call graph of application, the Android communication mechanism, and the fine-grained taint track rules were constructed, the taint a-nalysis was executed as well on the application according to the different leak manner and the propagation strategies. The sensitive information leakage was determined by the taint analysis result. Experiments show that the scheme can detect a variety of ways of sensitive data leakage effectively, improve the detec-tion accuracy and flexibility, and reduce the uncomprehensive of information flow path and false positive rate in the process of detection.