Mobile application APK file embedded privacy policy extraction method

Abstract

The invention discloses a mobile application APK (Android Package) file embedded privacy policy extraction method and belongs to the field of Android mobile terminal application software analysis and detection. The method specifically comprises the following steps of firstly, selecting a to-be-detected APK file for decompiling and rule matching, obtaining all URL (Uniform Resource Locator) links, respectively crawling each webpage content, and extracting feature words in a privacy policy text; meanwhile, collecting feature words of a plurality of webpages to train a dichotomy model in advance; inputting feature words of the to-be-detected APK file into the trained dichotomy model one by one, judging whether a privacy policy page exists in an output result or not, and if yes, outputting a privacy policy and ending; otherwise, performing automatic dynamic testing, monitoring request addresses in the traffic, extracting corresponding URL links, crawling contents of pages to extract feature words, inputting the feature words into a dichotomy model for judgment, and ending till a privacy policy page is found or a set traversal depth is exceeded. According to the method, dynamic and static tests are combined, so extraction efficiency and the success rate of privacy policies are improved.

Description

technical field [0001] The invention belongs to the field of Android mobile terminal application software analysis and detection, and relates to a method for extracting a privacy policy embedded in an APK file of a mobile application. Background technique [0002] Static analysis refers to scanning the program files by various means such as lexical analysis or syntax analysis without running, thereby generating the decompiled code of the program, and then reading the decompiled code to grasp the function of the program. It is essentially static text analysis, so it has high analysis efficiency. [0003] Common static decompilation tools include apktool, backsmali, and dex2jar, among which apktool is the most commonly used decompilation tool for static analysis. It is written in Java and can decompile and recompile APK files. It also has the ability to install a specific framework-res framework. Clean up the last decompiled folder and other functions. [0004] After the sam...

AI Technical Summary

Problems solved by technology

[0008] However, there are few existing studies on the extraction of privacy policies embedded in mobile applications. The main method is to analyze the application file structure through static analysis, preprocess the input samples, extract the required information, and generate the Activity tree. Figure; and then based on the Activity tree diagram and tree hierarchy, the Activity traversal script written by the traversal strategy, the main task is to find the page where the privacy agreement is located, and obtain the privacy policy file inside the mobile application by matching the keywords of the page-related control text

[0009] Since the accuracy of the activity tree diagram decreases with the level, and there may be omissions in the judgment of the privacy policy link based on the control text matching, there is still room for improvement in the success rate of privacy policy discovery

In addition, this method requires two steps of static analysis and automated testing for each input sample. Due to the complexity of the steps and the time-consuming automated testing, the extraction speed is slow

Images