Affiliation of Author(s):计算机科学与技术学院/人工智能学院/软件学院
Journal:CLOUD COMPUTING AND SECURITY, PT II
Key Words:Android security Privacy protection Static and dynamic analysis Smali instrumentation Storage vulnerability
Abstract:In recent years Android has become the most popular operating system in mobile phone, and a variety of apps bring people great convenience in our daily life and work. Due to the resource constraints in mobile phone and user experience considerations, a large number of private data are stored in the phone itself. Privacy Leaks will bring huge losses to us. EditText, which is designed for Android developers to input the sensitive data (e.g. username, password, search keywords etc.) to the apps, carries much User-Input Privacy (UIP) data. So, whether these UIP data is stored in the phone safely becomes the key to protect the privacy. In this paper, we do the research about the UIP data in EditText widget, and detect whether the data entered by the user is safely stored through static taint analysis and dynamic Smali Instrumentation. Experiments show that some of the apps store the UIP data in EditText at an unsafe location or store them in a weak way, which will bring the risk of privacy leakage.
ISSN No.:0302-9743
Translation or Not:no
Date of Publication:2017-01-01
Co-author:zy
Correspondence Author:刘长江
Date of Publication:2017-01-01