Analysis and Comparison of Privacy Leak Static Detection Tools for Android Applications

Ji-wei YAN,Ming-su LI,Qiong LU,Jun YAN,Hong-yu GAO
DOI: https://doi.org/10.11896/j.issn.1002-137X.2017.010.025
2017-01-01
Abstract:In recent years,the problems of privacy leak in Android applications attract more and more attention.The maliciously access of private information will increase the risk of users' privacy leak.To solve this problem,researchers have proposed many privacy-leak detection tools that have differences in emphasis point and performance.In order to facilitate the understanding and using for researchers,this paper analyzed and compared nine kinds of privacy leak static detection tools for Android apps.We summarized the detection targets,methods,types of error detection and their efficiency.We also designed and conducted experiments for two open source tools,FlowDroid and IccTA,to test their perfor-mance and detecting ability.For the 50 downloaded apps,FlowDroid successfully detected 9 apps possessing privacy leak and IccTA detected 7 apps possessing ICC leak.For the 12 self-designed test cases,FlowDroid and IccTA can successfully detect all privacy leaks.
What problem does this paper attempt to address?