ABSTRACT
We examine two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated: (1) covertly substituting shadow data in place of data that the user wants to keep private, and (2) blocking network transmissions that contain data the user made available to the application for on-device use only. We retrofit the Android operating system to implement these two controls for use with unmodified applications. A key challenge of imposing shadowing and exfiltration blocking on existing applications is that these controls could cause side effects that interfere with user-desired functionality. To measure the impact of side effects, we develop an automated testing methodology that records screenshots of application executions both with and without privacy controls, then automatically highlights the visual differences between the different executions. We evaluate our privacy controls on 50 applications from the Android Market, selected from those that were both popular and permission-hungry. We find that our privacy controls can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications. The remaining 34% of applications implemented user-desired functionality that required violating the privacy requirements our controls were designed to enforce; there was an unavoidable choice between privacy and user-desired functionality.
Index Terms
- These aren't the droids you're looking for: retrofitting android to protect data from imperious applications