Detection of Privacy Sensitive Information Retrieval Using API Call Logging Mechanism within Android Framework

In recent years, Android based smartphones have become popular. As a feature of a smart phone, much information for identifying a user and information linked to user’s privacy is saved in a terminal. For this feature, many malwares targeting privacy information are developed. Many security mechanisms are provided in Android for such malwares. However, it is difficult for users to judge the availability of application by understanding the potential threats in the application. In this paper, we focus on acquisition of information by using a remote procedure call when we invoke the API to acquire phone ID. We design a methodology to record invocation of the API by inserting Log.v methods. Proposal method is implemented within Android framework layer. For this reason, malicious application developers cannot circumvent log output by their malwares. We examined our method, and confirmed empirically the record of the invocation behavior of the API to acquire phone ID.