由于社交类应用涉及的隐私数据类型非常多,导致这类应用在被广泛使用的同时,频繁出现用户隐私泄露事件,但是目前还鲜有针对社交应用的隐私泄露检测机制的研究。该文结合 Android 系统的特性,提出一个面向Android 社交类应用检测框架 X-Decaf(Xposed-based-detecting-cache-file),创新性地利用污点追踪技术以及Xposed框架,获取应用内疑似泄露路径,监测隐私数据的缓存文件。此外,该文给出了对隐私泄露进行评级的建议,并利用该框架对50款社交类应用进行了检测,发现社交类应用普遍存在泄露用户隐私信息的漏洞。%Since social applications involve various types of information related to the user privacy, events of privacy leakage occur frequently along with their popular applications and few studies are available on the privacy leakage detection for social applications. With the combination of the characteristics of the Android system as well as the exploitation of the taint trackingtechnology and Xposed framework, a privacy leakage detection tool named X-Decaf (Xposed-based-detecting-cache-file) is proposed, which is oriented to social applications on Android platform. It suspects the leakage paths within the applications and detects the privacy data’s cache files.This paper also presents a suggestion for the evaluation of the privacy leakage. Evaluation results of 50 kinds of Android social applications show that many vulnerabilities of user privacy leakage exist in the social applications on Android platform.
展开▼
