Abstract
Third-party libraries are widely used in Android apps. As third-party libraries share permissions with the host apps, they are easily over-privileged and leak users' privacy without notice. Combing static third-party library detection tool and dynamic Xposed framework, we propose a fine-grained and dynamic privacy leakage analysis tool to analyze the privacy leakage behaviors of third-party libraries in real time. This paper identifies three types of privacy leakage path inside apps. We evaluate 150 popular apps, collecting 1909 privacy information related call chains. We find the third-party libraries access to privacy information account for the largest proportion, and most of third-party libraries have direct network connections and the correspondent flows are inspected to validate the privacy leakage risk. The results show that the tool can achieve real-time, fine-grained and dynamic privacy behavior analysis of Android apps.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
