Android app suspicious hidden sensitive operation detection with high coverage of program execution path

  • Yongxin Lu
  • Zhao Zhang
  • Senlin Luo
  • Limin Pan*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Detection of Suspicious Hidden Sensitive Operations (SHSO) is essential for identifying security vulnerabilities in Android applications. However, accurately identifying SHSO is complicated by anomalous control flow. Existing methods represent the main program, which includes exception handling code, as a control flow graph. The uncertainty of anomalous control flow results in missing edges between certain subgraphs and the main program entry, rendering certain subgraphs unreachable and preventing SHSO detection. Additionally, the distribution of normal sensitive operations is often imbalanced, resulting in prediction bias and misidentification of minority class samples. To address these issues, a method for detecting Android app SHSO that achieves high coverage of program execution paths is proposed. This method uses instruction labels to pinpoint exception handling code and extracts relevant sensitive function calls to complete execution paths. We implement similarity-based binary clustering of normal sensitive operations to filter minority classes and construct independent classification models for each class to reduce false positives. Experimental results show that the method significantly outperforms state-of-the-art techniques across multiple datasets, enhancing both recall and accuracy in SHSO detection.

Original language: English
Article number: 104723
Journal: Computers and Security
Volume: 160
Publication status: Published - Jan 2026

Keywords

  • Android app
  • Data imbalance
  • Exception handling code
  • Suspicious hidden sensitive operation
