AppLance: A Lightweight Approach to Detect Privacy Leak for Packed Applications

摘要

Privacy leak of mobile applications has been a major issue in mobile security, and the prevalent usage of packing technology in mobile applications further complicates the problem and renders many existing analysis tools incapacitated. In this paper, we propose AppLance, a novel lightweight analysis system for Android packed applications without prior unpacking, which can also consider implicit information flow and privacy confusion. Without modifying Android system and the applications, AppLance runs on a mobile device as a dynamic analysis system, subtly evading the impact of various packing methods. Moreover, we build and release a benchmark, which contains 540 Android applications, to evaluate analysis tools aimed at packed applications. We evaluate AppLance on the benchmark and real-world applications, and the experimental results show that the system is effective and can be deployed on real devices with little overhead.