Static detection method for privacy information disclosure in mobile applications

Abstract

The invention discloses a static detection method for privacy information disclosure in mobile applications. The method comprises the steps as follows: firstly, the completeness of codes is checked, if the codes are incomplete, preparatory work is performed on source codes, state machine description files corresponding to the privacy disclosure are loaded, related state machine information is obtained, the source codes are compiled to obtain detailed information of classes, functions and the like, pre-analysis is performed on the source codes, basic data structures such as abstract syntax trees and the like are generated, and call relations among the functions are obtained; and then detection and analysis is performed in units of the functions, state machine instances are created for all state machines with associated methods in the state machines, state machine instance iteration is performed on control flow diagrams corresponding to the functions, when the state machine instances are in error states, errors are reported, after detection is finished, the detected errors are checked manually, and detection results are confirmed. With the adoption of the method, the privacy disclosure codes existing in application programs of different operating system platforms can be effectively detected, so that the privacy information disclosure of users can be effectively prevented.

Description

technical field [0001] The invention relates to software testing technology and application program safety detection technology, in particular to a static detection method for privacy information leakage in mobile applications. Background technique [0002] Mobile device application privacy leakage has attracted the attention of many research institutions and scholars, and many institutions at home and abroad have carried out related research. According to whether the detected application is running, detection technologies can be divided into two types: dynamic detection and static detection. [0003] The dynamic detection technology is to check whether the application has leaked privacy during the process of running the application. Since the detection is performed during the running of the application, dynamic detection has relatively high requirements for real-time performance, because threats must be detected before the malicious application leaks the user's privacy. ...

AI Technical Summary

Problems solved by technology

[0006] At present, the privacy and security issues of the mobile Internet are serious. Once the privacy information is leaked, it will cause property losses to the smart mobile terminal users, and the reputation, personality, and even personal safety will be threatened. The consequences for development will be severe

However, the existing commonly used mobile phone security software to detect and kill privacy leaks is difficult to prevent the leakage of mobile phone privacy information from the source due to various reasons such as various operating platforms and regular updates or upgrades.

Images