ADS-SA: System for Automatically Detecting Sensitive Path of Android Applications Based on Static Analysis

With the booming mobile Internet and Android App market, Android security issues have become increasingly prominent. As the main way for information disclosure in Android Apps, sensitive path has become an important part of Android security research. Aiming at the problem that static analysis cannot verify whether the sensitive path is triggered by reality, this paper proposes a system ADS-SA based on static analysis to automatically detect sensitive path. The system first constructs an Android component conversion diagram through data flow analysis, and then obtains an Android function call graph through control flow analysis. Secondly, the sensitive path backtracking algorithm is designed and used to obtain the sensitive path set. Finally, the automated testing framework, Appium, is used to trigger and verify the authenticity of the sensitive path set. The test results show that the ADS-SA can automatically detect more than 87% of sensitive paths at a low time cost with high reliability and effectiveness.