DOI: 10.1145/2906388.2906409
research-article, Open Access

Privacy Capsules: Preventing Information Leaks by Mobile Apps

Published: 20 June 2016

ABSTRACT

Preventing the leakage of user information via untrusted third-party apps is a key challenge in mobile privacy. We propose and evaluate privacy capsules (PCs), a platform execution model for mobile apps that prevents the flow of private information to untrusted parties by design. With PCs, apps execute in two sequential phases. In the unsealed phase, the app has no access to sensitive input but full access to untrusted network resources. In the sealed phase, the untrusted app has access to sensitive input but can no longer communicate with untrusted resources. Privacy capsules are implemented by the mobile platform, are language independent, and require few changes to apps. Using a prototype PC implementation in Android, we show that PCs have low performance and energy overhead and are suitable for a large class of apps.


Published in

MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services
June 2016, 440 pages
ISBN: 9781450342698
DOI: 10.1145/2906388

Copyright © 2016 ACM

© 2016 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

MobiSys '16 paper acceptance rate: 31 of 197 submissions (16%). Overall acceptance rate: 274 of 1,679 submissions (16%).
