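Author (Chinese): 黃韋翔
Author (English): Huang, Wei Hsiang
Thesis title (Chinese): 一個在安卓平台上利用掛勾方法監控資訊洩漏的動態分析系統
Thesis title (English): A Dynamic Analysis System Using Hooking Method for Monitoring Information Leakage on Android
Advisor (Chinese): 孫宏民
Advisor (English): Sun, Hung Min
Oral defense committee (Chinese): 許富皓, 黃世昆
Degree: Master's
Institution: National Tsing Hua University
Department: Department of Computer Science
Student ID: 103062508
Year of publication (ROC calendar): 105
Academic year of graduation: 104
Language: English, Chinese
Number of pages: 41
Keywords (Chinese, translated): Android; dynamic analysis; hooking; information leakage
Keywords (English): Android; Dynamic Analysis; Hooking; Information Leakage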
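Abstract (translated from the Chinese):
Mobile devices such as smartphones and tablets have become increasingly widespread in recent years. As smartphones gain more functions than before, owners tend to store most of their personal information on the phone. Compared with other operating systems such as iOS and Windows, Android remains the most widely used system. Ensuring the privacy and security of sensitive information is therefore all the more important. Although Android can protect our personal information through a permission mechanism based on user consent, many related security problems still exist. Users cannot detect when an application collects their personal information and then sends it over the network to a remote server.
In this thesis, we propose a system that can dynamically block the leakage of sensitive information. When an application tries to access personal information by calling an API, the user can decide whether that is legitimate behavior. If it is not, our system can return empty information or deny the API call. In addition, HTTP has become one of the most common data transfer protocols. By blocking HTTP requests and displaying the header and body, users are informed of any data distributed from their devices. This plays an important role as a second confirmation of leakage of the user's sensitive information.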
Abstract (English):
Mobile devices, such as smartphones and tablets, have become more popular in recent years. As smartphones have more functions than before, users tend to store most of their personal information on them. Compared with other operating systems such as iOS and Windows, Android is still the most used one. Therefore, how to guarantee the privacy and security of sensitive information becomes more important. Although the Android system can protect our personal information through permissions granted by users, some security problems still exist. Users cannot detect when an Android app collects their personal information and distributes it to a remote server through the internet.
In this thesis, we propose a system for dynamically blocking leakage of sensitive information. When an Android app tries to obtain personal information using API (Application Program Interface) calls, users can decide whether it is legal behavior. If not, our system will return empty information or deny the API call. Furthermore, HTTP has become one of the most common protocols used in data transmission. By blocking HTTP requests and showing the header and the entity, users will be informed of the distribution of any data from their devices through the internet. This part plays an important role as a double check on leakage of the user's sensitive information.
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Motivation
1.2 Our Contribution
1.3 Organization
Chapter 2 Background
2.1 Android Techniques
2.1.1 Android operating system
2.1.2 Decompile and hooking Method
2.2 Malware Analysis Method
2.2.1 Static Analysis
2.2.2 Dynamic Analysis
Chapter 3 Related Works
3.1 Dynamic analysis method
3.1.1 Droidbox
3.2 Information leakage detection method
3.2.1 LeakMiner
3.2.2 MockDroid
3.2.3 DroidTrack
3.2.4 TaintDroid
Chapter 4 System Architecture and Design
4.1 Goal
4.2 Challenges and Solutions
4.2.1 Challenges
4.2.2 Solutions
4.3 System Framework
4.4 Tools
4.4.1 Xposed
4.4.2 APIMonitor
4.4.3 Android Debug Bridge (adb)
Chapter 5 Implementation
5.1 Requirement
5.2 Preparation
5.2.1 Usage of Xposed framework API
5.2.2 Environment settings of devices
5.3 Setting App
5.3.1 Interface
5.3.2 Store preferences
5.4 Hook API
5.4.1 Filtering applications
5.4.2 Information-obtaining and HTTP client APIs
5.5 Show Dialog
Chapter 6 Evaluation
6.1 Experiment Design
6.1.1 Purposes
6.1.2 Sample set
6.1.3 Experiment process
6.2 Result and analysis
6.3 Comparison
Chapter 7 Conclusions
7.1 Conclusion
(The full text of this thesis is not authorized for open access)