PrivGuard is an AI-driven privacy analysis tool designed to detect hidden data leaks and unauthorized permission usage in Android mobile applications. By combining static and dynamic analysis, it uncovers suspicious behaviors and mismatches between requested permissions and runtime access — empowering users and developers with deeper insights into app privacy.
I have successfully implemented the core functionality of permission and behavior analysis, including:
-
Static Permission Extraction
- Extracted permissions from
AndroidManifest.xmlusing decompilation tools. - Identified declared permissions vs. sensitive APIs accessed in Smali code.
- Extracted permissions from
-
Dynamic Permission Analysis via Hooking
- Deployed Frida-server to hook into target APKs at runtime.
- Extracted dynamic permission usage (e.g., location, contacts, camera).
- Compared runtime permission access with those declared/requested to detect hidden or excessive permission usage.
-
Tested in Real-World-Like Environment
- Successfully tested static and dynamic permission analysis on Android emulators:
- Android Studio Emulator
- Genymotion Emulator
- Both using Google Pixel (x86_64 architecture, 5th Generation) setup for enhanced compatibility and performance.
- Successfully tested static and dynamic permission analysis on Android emulators:
-
Initial Comparison Engine
- Developed logic to flag discrepancies between:
- Permissions declared in manifest
- Permissions asked during installation/runtime
- Permissions accessed dynamically
- Developed logic to flag discrepancies between:
| Tool / Library | Purpose |
|---|---|
| Frida + Frida-server | Dynamic analysis and runtime function hooking |
| Apktool | APK decompilation and static analysis |
| AAPT | Extracting APK metadata and manifest entries |
| Androguard | Parsing and analyzing DEX files |
| Test APKs from F-Droid | Used as open-source targets for analysis |
| Android Studio Emulator | Real-time test environment for dynamic hooking |
| Genymotion Emulator | Alternate emulator with good Frida compatibility |
| Python + Bash Scripts | Automating extraction and comparison tasks |
Here are the next key steps planned for building out the full system:
-
Supervised ML Model for Privacy Risk Classification
- Train a model to classify apps as Low, Medium, or High Risk based on extracted features.
-
Policy Matching via NLP
- Use a BERT-based NLP model to parse privacy policies.
- Match stated intentions with actual runtime behaviors and flag discrepancies.
-
Threat Visualization
- Build an interactive threat graph showing:
- User data entry points → accessed APIs → external destinations
- Highlight suspicious paths and flows
- Build an interactive threat graph showing:
-
Real-time Browser Extension (Bonus)
- Scan Play Store/F-Droid app links
- Show privacy risk score before installation
This project is intended for research and educational purposes only. Do not use on commercial or closed-source apps without explicit permission. Respect privacy and legality.
I welcome suggestions to improve this tool. Contributions are open to those interested in Android security, machine learning, or privacy engineering.
For queries or collaboration, reach out at:
y-sudharshan (Github -username)