View article

With the enormous popularity of smartphones, millions of mobile apps are developed to provide rich functionalities for users by accessing certain personal data, leading to great privacy concerns. To address this problem, many approaches have been proposed to detect privacy disclosures in mobile apps, but they largely fail to automatically determine whether the privacy disclosures are necessary for the functionality of apps. As a result, security analysts may easily face with a large number of false positives when directly adopting such approaches for app analysis. In this paper, we propose LeakDoctor, an analysis system seeking to automatically diagnose privacy leaks by judging if a privacy disclosure from an app is necessary for some functionality of the app. Functionality-irrelevant privacy disclosures are not justifiable, so considered as potential privacy leak cases. To achieve this goal, LeakDoctor integrates …