The open-source feature of Android brings the convenience for both developers and attackers.As a result,there exist lots of attacks,such as user privacy information leak,remote controll attack,system broken attack etc.In order to improve the legality and efficiency of privacy leakage detection,an automatic detection system named LeakDetector based on static taint tracking was proposed.In the system,the forest of leakage classification was used to detect the privacy leaks of an application.First of all,LeakDetector constructed some databases of privacy leakages using similar applications.Then Random Forest was used to turn the databases into a forest of leakage classification.The accuracy of result was improved by multiple-part voting mechanisms.The voting and reusable feature of the forest of leakage classification could improve the validity of privacy leakage detection results and reduce the workload of detectors.In addition,LeakDetector provided a function to locate the leak points,which could enrich the concise test results,and get the sinks and sources of the privacy leakage data flows in the application.Sixty-five weather apps were collected from five third-markets to generate leak databases and a forest of leakage classification was made.When a new testing weather app was input into the forest of leakage classification,twelve warnings classified into five leakage types were obtained.These five leakage types included leaking phone information through the Internet,leaking phone information to local log,leaking local log to content,leaking local log through the Internet and leaking local file through the Internet.Finally,the locations of the sinks and sources were identified through the function of reverse location.The experimental results showed LeakDetector could detect the privacy leakage from applications with an accuracy rate of 91.6%.Moreover,the reverse-location function could localize the leakage sources and leakage points.
