基于Android无障碍服务的行为监控

马文聪; 谭毓安; 冯硕; 刘璐; 李元章

doi:10.12263/DZXB.20220319

您当前的位置：

首页 >

文章列表页 >

基于Android无障碍服务的行为监控

学术论文 | 更新时间：2025-12-11

- 基于Android无障碍服务的行为监控
- Behavior Monitoring Based on Android Accessibility Service
- 电子学报 2023年51卷第12期页码：3572-3581
- 作者机构：
  
  1.北京理工大学计算机学院，北京 100081
  2.北京理工大学网络空间安全学院，北京 100081
- 作者简介：
  
  [ "马文聪女，1999年出生于安徽省池州市.2021年于北京理工大学获得学士学位.现为北京理工大学计算机学院硕士研究生.主要研究方向为信息安全.E-mail: 3120211066@bit.edu.cn" ]
  [ "谭毓安男，1972年1月出生于重庆巫溪.北京理工大学网络空间安全学院教授.主要研究方向为人工智能安全、系统安全. E-mail: tan2008@bit.edu.cn" ]
  [ "冯硕女，1997年出生于河北省唐山市.2019年于河北工业大学获得学士学位，2022年于北京理工大学获得硕士学位.主要研究方向为信息安全. E-mail: 17330582191@163.com" ]
  [ "刘璐女，1992年出生于四川省广安市.2017年于北京理工大学获得硕士学位.现为北京理工大学计算机学院实验师.主要研究方向为信息安全与机器学习. E-mail: liulu@bit.edu.cn" ]
  [ "李元章（通讯作者）男，1978年2月出生于江苏盐城.分别于2001、2004及2015年获得北京理工大学学士、硕士和博士学位.现为北京理工大学计算机学院副教授.主要研究方向为信息系统安全、人工智能安全等. E-mail: popular@bit.edu.cn" ]
- 基金信息：
  
  国家自然科学基金(62072037;U1936218)
- DOI：10.12263/DZXB.20220319
  中图分类号： TP391
- 收稿：2022-03-28，
  
  修回：2022-07-12，
  
  纸质出版：2023-12-25
- 稿件说明：
移动端阅览
马文聪,谭毓安,冯硕等.基于Android无障碍服务的行为监控[J].电子学报,2023,51(12):3572-3581.

MA Wen-cong,TAN Yu-an,FENG Shuo,et al.Behavior Monitoring Based on Android Accessibility Service[J].ACTA ELECTRONICA SINICA,2023,51(12):3572-3581.
马文聪,谭毓安,冯硕等.基于Android无障碍服务的行为监控[J].电子学报,2023,51(12):3572-3581. DOI： 10.12263/DZXB.20220319.

MA Wen-cong,TAN Yu-an,FENG Shuo,et al.Behavior Monitoring Based on Android Accessibility Service[J].ACTA ELECTRONICA SINICA,2023,51(12):3572-3581. DOI： 10.12263/DZXB.20220319.

摘要

用户在手机上的异常行为给社会、企业和个人带来一定的损失和风险.例如用户使用手机违规记录企业的敏感信息、使用手机终端在社交网络上散布违法违规内容和言论等.然而目前尚没有直接运行在终端、对用户本机应用操作进行监控的技术.鉴于目前大部分手机都是Android平台，本文以Android智能手机为研究对象，提出一种基于无障碍服务的用户行为监控技术.用户界面发生变化时，会产生大量基于视图层次结构编写的无障碍事件.本方法筛选出关键的无障碍事件并对其进行遍历，获取界面组件元素、无障碍事件的类型、界面焦点对象等信息，进而判断用户是否存在敏感行为.本方法不依赖于特定的Android版本；通过对无障碍事件进行过滤，提高处理性能；通过调整应用监控范围和监控粒度，保障用户隐私.为了证明本方法的可行性，在真实Android设备上进行测试，可正确监控用户在四种不同应用上的行为.性能测试表明本方法的平均延迟小、CPU（Central Processing Unit）占有率低、内存消耗少，不影响用户正常使用.

Abstract

The abnormal behavior of users on mobile phones brings certain losses and risks to the country

society

enterprises and individuals. Such as

users record sensitive information of enterprises with the help of mobile phones

or use mobile phones to spread false statements on social networks. However

there is no technology to directly run on the terminal to monitor the user's local application operation. Since most mobile phones are Android platforms

this paper takes Android smart phones as the research object

and proposes a user behavior monitoring technology based on accessibility service. When the phone's interface changes

there will be a large number of accessibility events written based on the view hierarchy. Our method selects the key accessibility events

traverses them

obtains the information on interface component elements

types of accessibility events

interface focus objects and so on

and then judges the user's behavior. Our method does not depend on a specific Android version; improves processing performance by filtering accessibility events; protects users' privacy by adjusting the application monitoring scope and monitoring granularity. In order to prove the feasibility of our method

we experiment on the devices in the physical world and correctly monitor the behavior of users in four different applications. Performance testing shows that our method has low CPU consumption and low average memory occupancy.

关键词

Keywords

references

Statista . Number of available applications in the Google Play Store from December 2009 to December 2021 [EB/OL ] . (2022) . https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/ https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/ .

卿斯汉 . Android安全研究进展 [J ] . 软件学报 , 2016 , 27 ( 1 ): 45 - 71 .

QING S H . Research progress on android security [J ] . Journal of Software , 2016 , 27 ( 1 ): 45 - 71 . (in Chinese)

何远 , 张玉清 , 张光华 . 基于黑盒遗传算法的Android驱动漏洞挖掘 [J ] . 计算机学报 , 2017 , 40 ( 5 ): 1031 - 1043 .

HE Y , ZHANG Y Q , ZHANG G H . Android driver vulnerability discovery based on black-box genetic algorithm . Chinese Journal of Computers , 2017 , 40 ( 5 ): 1031 - 1043 . (in Chinese)

董超 , 杨超 , 马建峰 , 等 . Android系统中第三方登录漏洞与解决方案 [J ] . 计算机学报 , 2016 , 39 ( 3 ): 582 - 594 .

DONG C , YANG C , MA J F , et al . The vulnerabilities and solutions of third-party login services in android system . Chinese Journal of Computers , 2016 , 39 ( 3 ): 582 - 594 . (in Chinese)

马凯 , 郭山清 . 面向Android生态系统中的第三方SDK安全性分析 [J ] . 软件学报 , 2018 , 29 ( 5 ): 1379 - 1391 .

MA K , GUO S Q . Security analysis of the third-party SDKs in the android ecosystem [J ] . Journal of Software , 2018 , 29 ( 5 ): 1379 - 1391 . (in Chinese)

张磊 , 杨哲慜 , 李明琪 , 等 . TipTracer: 基于安全提示的安卓应用通用漏洞检测框架 [J ] . 计算机研究与发展 , 2019 , 56 ( 11 ): 2315 - 2329 .

ZHANG L , YANG Z M , LI M Q , et al . TipTracer: Detecting android application aulnerabilities based on the compliance with security guidance [J ] . Journal of Computer Research and Development , 2019 , 56 ( 11 ): 2315 - 2329 . (in Chinese)

李鹏伟 , 姜宇谦 , 薛飞扬 , 等 . 一种基于深度学习的强对抗性Android恶意代码检测方法 [J ] . 电子学报 , 2020 , 48 ( 8 ): 1502 - 1508 .

LI P W , JIANG Y Q , XUE F Y , et al . A robust approach for android malware detection based on deep learning [J ] . Acta Electronica Sinica , 2020 , 48 ( 8 ): 1502 - 1508 . (in Chinese)

SATO R , CHIBA D , GOTO S . Detecting android malware by analyzing manifest files [J ] . Proceedings of the Asia-Pacific Advanced Network , 2013 , 36 : 23 - 31 .

郭春 , 罗迪 , 申国伟 , 等 . 一种基于诱导机制的间谍软件检测方法 [J ] . 电子学报 , 2022 , 50 ( 4 ): 1014 - 1024 .

GUO C , LUO D , SHEN G W , et al . A spyware detection method based on inducement mechanism [J ] . Acta Electronica Sinica , 2022 , 50 ( 4 ): 1014 - 1024 . (in Chinese)

陈铁明 , 杨益敏 , 陈波 . Maldetect: 基于Dalvik指令抽象的Android恶意代码检测系统 [J ] . 计算机研究与发展 , 2016 , 53 ( 10 ): 2299 - 2306 .

CHEN T M , YANG Y M , CHEN B . Maldetect: An android malware detection system based on abstraction of Dalvik instructions [J ] . Journal of Computer Research and Development , 2016 , 53 ( 10 ): 2299 - 2306 . (in Chinese)

SHABTAI A , KANONOV U , ELOVICI Y , et al . “Andromaly”: A behavioral malware detection framework for android devices [J ] . Journal of Intelligent Information Systems , 2012 , 38 ( 1 ): 161 - 190 .

ENCK W , GILBERT P , HAN S , et al . TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones [J ] . ACM Transactions on Computer Systems , 2014 , 32 ( 2 ): 1 - 29 .

陈长青 , 郭春 , 崔允贺 , 等 . 基于API短序列的勒索软件早期检测方法 [J ] . 电子学报 , 2021 , 49 ( 3 ): 586 - 595 .

CHEN C Q , CUO C , CUI Y H , et al . Ransomware early detection method based on short API sequence [J ] . Acta Electronica Sinica , 2021 , 49 ( 3 ): 586 - 595 . (in Chinese)

Developers Google . Create your own accessibility service [EB/OL ] . ( 2022-02-23 )[ 2022-03-26 ] . https://developer.android.com/guide/topics/ui/accessibility/service https://developer.android.com/guide/topics/ui/accessibility/service .

Developers Google . Testing UI for multiple apps [EB/OL ] . ( 2022-03-18 )[ 2022-03-26 ] . https://developer.android.com/training/testing/ui-testing/uiautomator-testing.html https://developer.android.com/training/testing/ui-testing/uiautomator-testing.html .

MA X X , YAN B , CHEN G L , et al . Design and implementation of a toolkit for usability testing of mobile apps [J ] . Mobile Networks and Applications , 2013 , 18 ( 1 ): 81 - 97 .

PATERNÒ F , SCHIAVONE A G , CONTI A . Customizable automatic detection of bad usability smells in mobile accessed web applications [C ] // Proceedings of the 19th International Conference on Human-Computer Interaction with Mobile Devices and Services . New York : ACM , 2017 : 1 - 11 .

DEKA B , HUANG Z F , KUMAR R . ERICA: Interaction mining mobile apps [C ] // Proceedings of the 29th Annual Symposium on User Interface Software and Technology . New York : ACM , 2016 : 767 - 776 .

LETTNER F , HOLZMANN C . Automated and unsupervised user interaction logging as basis for usability evaluation of mobile applications [C ] // Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia . New York : ACM , 2012 : 118 - 127 .

COSTAMAGNA V , ZHENG C . ARTDroid: A virtual-method hooking framework on android ART runtime [EB/OL ] . ( 2022-01-01 )[ 2022-03-26 ] . https://ceur-ws.org/Vol-1575/paper_10.pdf https://ceur-ws.org/Vol-1575/paper_10.pdf .

TAN Y A , FENG S , CHENG X C , et al . An android inline hooking framework for the securing transmitted data [J ] . Sensors (Basel, Switzerland) , 2020 , 20 ( 15 ): 4201 .

Lody . VirtualApp [EB/OL ] . ( 2021-11-03 )[ 2022-03-17 ] . https://github.com/asLody/VirtualApp/blob/master/doc/VADev.md https://github.com/asLody/VirtualApp/blob/master/doc/VADev.md .

李晓娟 , 陈海波 . 基于分布式信息流控制的无障碍辅助性服务安全加固 [J ] . 软件学报 , 2018 , 29 ( 5 ): 1318 - 1332 .

LI X J , CHEN H B . Security reinforcement of accessibility service based on decentralized information flow control [J ] . Journal of Software , 2018 , 29 ( 5 ): 1318 - 1332 . (in Chinese)

KALYSCH A , BOVE D , MÜLLER T . How android's UI security is undermined by accessibility [C ] // Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium . New York : ACM , 2018 : 1 - 10 .

DIAO W , ZHANG Y , ZHANG L , et al . Kindness is a risky business: On the usage of the accessibility {APIs} in Android [C ] // 22nd International Symposium on Research in Attacks, Intrusions and Defenses . Berkeley : USENIX , 2019 : 261 - 275 .

Google . Get started on android with TalkBack - android accessibility help [EB/OL ] . (2020) . https://support.google.com/accessibility/android/answer/6283677?hl=en https://support.google.com/accessibility/android/answer/6283677?hl=en .

ZHANG X Y , DE GREEF L , SWEARNGIN A , et al . Screen recognition: Creating accessibility metadata for mobile applications from pixels [C ] // Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems . New York : ACM , 2021 : 1 - 15 .

SUN H T , JIN C J , HELU X H , et al . Research on android infiltration technology based on the silent installation of an accessibility service [J ] . International Journal of Distributed Sensor Networks , 2020 , 16 ( 2 ): 1550147720903628 .

BORGES N P , RAU J , ZELLER A . Speeding up GUI testing by on-device test generation [C ] // Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering . New York : ACM , 2020 : 1340 - 1343 .

NEGARA S , ESFAHANI N , BUSE R . Practical android test recording with espresso test recorder [C ] // 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice . Piscataway : IEEE , 2019 : 193 - 202 .

XIE N , NI Y R , LIU X X , et al . Implementation of simulation control automation tool based on android accessibility service [J ] . Journal of Physics: Conference Series , 2021 , 1881 ( 3 ): 032071 .

YANG Z M , YANG M , ZHANG Y , et al . AppIntent: Analyzing sensitive data transmission in android for privacy leakage detection [C ] // Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security . New York : ACM , 2013 : 1043 - 1054 .

PETITTI J . Appjudicator: Enhancing Android Network Analysis Through UI Monitoring [D ] . Worcester : Worcester Polytechnic Institute , 2021 .

HUANG J , BACKES M , BUGIEL S . A11y and Privacy don't have to be mutually exclusive: Constraining accessibility service misuse on Android [C ] // Proceedings of the 30th USENIX Security Symposium . Berkeley : USENIX , 2021 : 3631 - 3648 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于Android内核驱动的白名单网络控制

基于脑电和眼电的运动想象多尺度识别方法研究