Abstract

Third-party libraries are widely used in Android apps. As third-party libraries share permissions with the host apps, they are easily over-privileged and leak users' privacy without notice. Combing static third-party library detection tool and dynamic Xposed framework, we propose a fine-grained and dynamic privacy leakage analysis tool to analyze the privacy leakage behaviors of third-party libraries in real time. This paper identifies three types of privacy leakage path inside apps. We evaluate 150 popular apps, collecting 1909 privacy information related call chains. We find the third-party libraries access to privacy information account for the largest proportion, and most of third-party libraries have direct network connections and the correspondent flows are inspected to validate the privacy leakage risk. The results show that the tool can achieve real-time, fine-grained and dynamic privacy behavior analysis of Android apps.

Full Text

Published Version

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.