中文摘要：

安卓平台中的应用程序可能通过录音的方式窃取用户的通话内容和环境声音，而当前基于权限管理的安卓系统安全机制并不能完全防止此类信息被恶意程序所窃取．在本文中，我们提出一种窃听程序检测工具ReeEye，它采用上下文敏感和信息流敏感的静态分析方法，用于检测安卓程序是否存在窃听行为．为了评估该工具的性能，我们从国内多个主流应用商城中随机下载了4万多款应用程序作为检测样本，RecEye发现其中3款确实存在窃听行为，而通过目前主流的反病毒软件进行查杀，大部分反病毒软件都没能检测出它们具有窃听隐患．同时，我们也分析了近l万款恶意软件样本，实验结果表明RecEye假阳率仅为6．52％而假阴率也仅为2％，且大部分软件都能在1分钟内分析完成．

英文摘要：

Android applications may steal the user＇s call conversation and ambient sound by means of recording. However, the security mechanism of current Android system based on privilege management can＇t completely prevent the user＇s private information from be- ing stolen by malicious programs. In this paper, we propose a detecting tool called RecEye,it applies context-sensitive and flow-sensi- tive static analysis to detect whether the application has the possibility to eavesdrop. To evaluate the performance of RecEye, we down- loaded 40,000 ＋ apps randomly from a variety of popular app stores for testing. The experimental results show that RecEye detected 3 true eavesdropping software, who are not marked as having hidden eavesdropping after being scanned by the mainstream Anti-Virus Software. Furthermore ,we also analyzed nearly 10,000 maiware samples ,and RecEye＇s accuracy statistics show an average of 6. 52% false nositive and 2% false negative and most of the software can be analyzed within I minute.