Thesis Identification of potentially malicious behavior through information flow analysis technique for mobile applications in android operating system
Loading...
Date
2024-06
Journal Title
Journal ISSN
Volume Title
Program
Ingeniería Civil Informática
Campus
Campus Casa Central Valparaíso
Abstract
Actualmente, la creciente adopción de los smartphones ha llevado a que estos dispositivos almacenen una cantidad cada vez mayor de información personal de los usuarios, que suele transmitirse sin un control riguroso. En particular, Android, siendo el sistema operativo con mayor cuota de mercado, naturalmente es un foco importante de esta problemática, presentando serias fallas de seguridad con respecto a sus contrapartes.
En esta línea, el presente estudio plantea una metodología apoyada en técnicas de análisis dinámico basadas en el análisis del tráfico de red de aplicaciones de Android, capaz de detectar los casos en que la información sensible del usuario abandona el dispositivo y bajo qué contexto. Se seleccionaron y analizaron un total de 96 aplicaciones populares de la Play Store y se identificaron los aspectos más relevantes para detectar fugas de información, permitiendo así categorizar aquellas con un mayor nivel de riesgo y resaltar el bajo nivel de privacidad que presentan las aplicaciones en la actualidad.
Nowadays, the growing adoption of smartphones has led to these devices storing an increasing amount of users’ personal information, which is often transmitted without rigorous control. In particular, Android, being the operating system with the largest market share, is naturally a major focus of this problem, presenting serious security flaws with respect to its counterparts. In this line, the present study proposes a methodology supported by dynamic analysis techniques based on the analysis of Android application network traffic, capable of detecting the cases in which sensitive user information leaves the device and under what context. A total of 96 popular apps from the Play Store were selected and analyzed and the most relevant aspects for detecting information leaks were identified, thus allowing to categorize those with a higher level of risk and highlighting the low level of privacy that apps currently have.
Nowadays, the growing adoption of smartphones has led to these devices storing an increasing amount of users’ personal information, which is often transmitted without rigorous control. In particular, Android, being the operating system with the largest market share, is naturally a major focus of this problem, presenting serious security flaws with respect to its counterparts. In this line, the present study proposes a methodology supported by dynamic analysis techniques based on the analysis of Android application network traffic, capable of detecting the cases in which sensitive user information leaves the device and under what context. A total of 96 popular apps from the Play Store were selected and analyzed and the most relevant aspects for detecting information leaks were identified, thus allowing to categorize those with a higher level of risk and highlighting the low level of privacy that apps currently have.
Description
Keywords
Análisis dinámico, Seguridad, Android, Privacidad de información
