ABSTRACT
Preventing the leakage of user information via untrusted third-party apps is a key challenge in mobile privacy. We propose and evaluate privacy capsules (PCs), a platform execution model for mobile apps that prevents the flow of private information to untrusted parties by design. With PCs, apps execute in two sequential phases. In the unsealed phase, the app has no access to sensitive input but full access to untrusted network resources. In the sealed phase, the untrusted app has access to sensitive input, but can no longer communicate with untrusted resources. Privacy capsules are implemented by the mobile platform, are language independent, and require few changes to apps. Using a prototype PC implementation in Android, we show that PCs have low performance and energy overhead, and are suitable for a large class of apps.
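The two-phase model, as an added reference-monitor sketch (not the paper's Android prototype): a capsule allows any network access while unsealed, seals irreversibly on the first read of sensitive input, and afterwards permits only endpoints on a platform-trusted allowlist. The `Capsule` class, the `trusted_hosts` allowlist and the host names are assumptions made for this example.

```python
"""Reference monitor for the privacy-capsule (PC) execution model.

Constructed illustration of the two-phase model from the abstract; this is
not the paper's Android implementation. The Capsule class, the trusted-host
allowlist and the host names below are assumptions for the example.
"""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when an app requests an action its current phase forbids."""


@dataclass
class Capsule:
    """Mediates an app's access to sensitive input and to the network."""
    trusted_hosts: frozenset = frozenset()  # endpoints the platform trusts
    sealed: bool = False                    # False = unsealed phase
    log: list = field(default_factory=list)

    def fetch(self, host: str, payload: bytes = b"") -> bytes:
        """Network access: unrestricted while unsealed, trusted-only once sealed."""
        if self.sealed and host not in self.trusted_hosts:
            self.log.append(("denied", host))
            raise PolicyViolation(f"sealed capsule may not reach {host}")
        self.log.append(("sent", host))
        return b"ok"

    def read_sensitive(self, source: str) -> bytes:
        """Sensitive input: any read irreversibly moves the app to the sealed phase."""
        self.sealed = True
        self.log.append(("sealed", source))
        return b"<private:%s>" % source.encode()


def run_app(capsule: Capsule) -> list:
    """Constructed app: loads ads, reads contacts, then tries to send them out."""
    capsule.fetch("ads.example")                     # unsealed: allowed
    contacts = capsule.read_sensitive("contacts")    # seals the capsule
    try:
        capsule.fetch("ads.example", contacts)       # sealed + untrusted: denied
    except PolicyViolation:
        pass
    capsule.fetch("sync.example", contacts)          # sealed + trusted: allowed
    return capsule.log
```

The log records the unsealed request, the sealing event, the denied exfiltration attempt and the permitted trusted-host request, in that order.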
Index Terms
- Privacy Capsules: Preventing Information Leaks by Mobile Apps