The popularity and widely use of cellphone have greatly stimulated the spread of the apps. Meanwhile, security issues are increasing quickly, particularly for Android based devices. In this paper, through analyzing the android permissions system and android API system, we want to find out the relationship between permissions and APIs. Furthermore, we propose an approach to detect message intercepting malware. The contribution of this paper is threefold: first, we perform static analysis on the app to extract permissions and system APIs. In order to avoid permissions and APIs over declaration, we build java function call graph and find the system APIs been used; secondly, we proposed a light weight method to dynamic find out and update the relationship between permissions and APIs; third, we proposed a dynamic controlled method to detect android malwares. This proposed method is verified by extensive experiments.
[1]
Zhen Huang,et al.
Short paper: a look at smartphone permission models
,
2011,
SPSM '11.
[2]
Hui Xiong,et al.
Mobile app recommendations with security and privacy awareness
,
2014,
KDD.
[3]
Jiaming He,et al.
Extending Android Security Enforcement with a Security Distance Model
,
2011,
2011 International Conference on Internet Technology and Applications.
[4]
Miryung Kim,et al.
An Empirical Study of API Stability and Adoption in the Android Ecosystem
,
2013,
2013 IEEE International Conference on Software Maintenance.
[5]
Paul C. van Oorschot,et al.
A methodology for empirical analysis of permission-based security models and its application to android
,
2010,
CCS '10.