當今已有數以百萬計的行動應用程序在 Apple 的 App Store 中發布,並在iOS設備下載量超過150億次。為了保護iOS用戶免於惡意應用程式的傷害,Apple 對於上架之App 有相對嚴格的審查政策。通過審查的App才能在App Store中發布。在本文中,我們提出基於
iOS可執行檔的靜態字串分析技術用於檢驗App可能動態載入之類別 。為了檢查動態載入之類別是否符合Apple之規範,必須要能確定動態加載函數之可能字串參數值 。我們方法的第一步是使用現有工具擷取 iOS可執行檔的組合語言。然後自組合語言中建立整個程式的控制流程圖(CFGs) 。接著,在控制流程圖上識別動態加載類別的函數,並且對於該函數的每個參數,我們構造一個字串相依圖,用以顯示流向字串參數值的所有構成成分以及構成方式 。最後,我們對這些可能流向參數的字串進行字串分析,以確定這些參數值所有的可能值集合。透過把這些可能值與特徵值(從Apple 審查政策建構而來,例如私有/敏感性API),我們能夠檢測到App
潛在違背Apple政策之情形。我們分析了1300多種目前上架於App Store的App,並檢查他們是否違反蘋果關於使用私有API的政策以及
廣告識別碼(IDFA)政策。我們的工具提取了超過37000
這些App的字符相依圖,分析結果顯示208個App透過字串操作構組合出對應的API名稱並且有潛在的IDFA違規濫用之可能。我們的分析還發現了372個可以使用字串構建私有類名稱的應用程序和236個可以使用路徑字符串加載私有框架的App,這些App可能違反Apple 禁止使用私有API使用政策。 / Millions of mobile apps have been published in Apple's AppStore with more than 15 billion downloads by iOS devices. In order to protect iOS users from malicious apps, Apple has strict policies which are used to eliminate apps before they can be published in the AppStore. In this paper we present a string analysis technique for iOS executables for statically checking policies that are related to dynamically loaded classes. In order to check that an app conforms to such a policy, it is necessary to determine the possible string values for the class name parameters of the functions that dynamically load classes. The first step of our approach is to construct the assembly for iOS executables using existing tools. We then extract flow information from the assembly code and construct control flow graphs (CFGs) of functions. We identify functions that dynamically load classes, and for each parameter that corresponds to a dynamically loaded class, we construct a dependency graph that shows the set of values that flow to that parameter. Finally, we conduct string analysis on these dependency graphs to determine all potential string values that these parameters can take, which identifies the set of dynamically loaded classes. Taking the intersection of these values with patterns that characterize Apple's app policies (such as private/sensitive APIs), we are able to detect potential policy violations. We analyzed more than 1300 popular apps from Apple's AppStore and checked them against Apple's policy about the use of private APIs and the identifier for Advertising (IDFA). Our tool extracted more than 37000 string dependency graphs from these applications and our analysis reported 208 apps that compose the corresponding API with strings and have potential IDFA violations. Our analysis also found 372 apps that could have compose the private class name with string and 236 apps that could have load the private framework with path string; and could violate the private API usage policy.
Identifer | oai:union.ndltd.org:CHENGCHI/G0104356016 |
Creators | 林君翰, Lin, Jun Han |
Publisher | 國立政治大學 |
Source Sets | National Chengchi University Libraries |
Language | 英文 |
Detected Language | English |
Type | text |
Rights | Copyright © nccu library on behalf of the copyright holders |
Page generated in 0.0018 seconds