| Popis: |
Tracking API calls of an Android application (app) has significant value for deeply understanding the app's running behaviors, so that to detect security damages, sensitive information leakages, energy consumptions, system resources occupations of the app, etc. However, existing methods track API calls of a target app through launching and manipulating the app in a real or simulated operating environment. The entire process is time consuming, which leads to low efficiency for practical system executing batch analysis for a considerable scale of apps. In order to enhance the speed of API calls tracking, in this paper, we propose a static analysis method, called EstiDroid, to estimate API calls of Android apps by statically analyzing the apps without actually running them. EstiDroid is composed of a static analyzer and an estimation algorithm. To analyze a target app, EstiDroid first obtains several types of static information from the app's.APK file via the static analyzer, then, the estimation algorithm is employed to establish the estimation model for the app based on the static information. Finally, according to the model, the proportion of each API's calls in the total number of calls is estimated. In experiments, 300 apps are tested via EstiDroid and manual operation in smartphone, the results show that EstiDroid only consumed 49242ms on average compared with manual testing, and it reached 84.06% average similarity and 90.74% maximum similarity compared with the API calls tracked in real environments. |
