点击次数：

所属单位：计算机科学与技术学院/人工智能学院/软件学院

发表刊物：CLOUD COMPUTING AND SECURITY, PT II

关键字：Android security Privacy protection Static and dynamic analysis Smali instrumentation Storage vulnerability

摘要：In recent years Android has become the most popular operating system in mobile phone, and a variety of apps bring people great convenience in our daily life and work. Due to the resource constraints in mobile phone and user experience considerations, a large number of private data are stored in the phone itself. Privacy Leaks will bring huge losses to us. EditText, which is designed for Android developers to input the sensitive data (e.g. username, password, search keywords etc.) to the apps, carries much User-Input Privacy (UIP) data. So, whether these UIP data is stored in the phone safely becomes the key to protect the privacy. In this paper, we do the research about the UIP data in EditText widget, and detect whether the data entered by the user is safely stored through static taint analysis and dynamic Smali Instrumentation. Experiments show that some of the apps store the UIP data in EditText at an unsafe location or store them in a weak way, which will bring the risk of privacy leakage.

ISSN号：0302-9743

是否译文：否

发表时间：2017-01-01

合写作者：庄毅

通讯作者：刘长江