Abstract
The APPs running on smart devices have greatly enriched people’s lives. However, they are collecting personally identifiable information (PII) secretly. The unrestricted collection, processing and unsafe transmission of PII will result in the disclosure of privacy, which cause losses to users. With the advent of laws and regulations about data privacy such as GDPR, the major APP vendors have become more and more cautious about collecting PII. However, the researches on detecting privacy leakage under GDPR framework still receive less attention. In this paper, we analyze the clauses of GDPR about privacy processing and propose a method for PII leakage detection based on Association Mining. This method assists us to find many hidden privacy leakages in traffic data. Moreover, we design and implement an automated system to detect whether the traffic data sent by the APPs reveals users’ PII. We have tested 509 APPs of different categories in the Google Play Store. The result shows that 76.23% of the APPs would collect and transmit PII insecurely and 34.06% of them would send PII to third parties.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Rui, H., Jin, Z., Wang, B.: Investigation of taint analysis for smartphone-implicit taint detection and privacy leakage detection. EURASIP J. Wirel. Commun. Netw. 2016, 227 (2016)
Reyes, I., et al.: Won’t somebody think of the children? Examining COPPA compliance at scale. PoPETs 2018(3), 63–83 (2018)
Ren, J., Rao, A., Lindorfer, M., Legout, A., Choffnes, D.R.: ReCon: revealing and controlling PII leaks in mobile network traffic. In: MobiSys, pp. 361–374 (2016)
Zimmeck, S., et al.: Automated analysis of privacy requirements for mobile apps. In: NDSS 2017 (2017)
Nan, Y., Yang, Z., Wang, X., Zhang, Y., Zhu, D., Yang, M.: Finding clues for your secrets: semantics-driven, learning-based privacy discovery in mobile apps. In: NDSS 2018 (2018)
Li, L., et al.: IccTA: detecting inter-component privacy leaks in android apps. In: ICSE, no. 1, pp. 280–291 (2015)
Razaghpanah, A., et al.: Haystack. In Situ Mobile Traffic Analysis in User Space. CoRRabs/1510.01419 (2015)
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2), 5:1–5:29 (2014)
Continella, A., et al.: Obfuscation-resilient privacy leak detection for mobile apps through differential analysis. In: NDSS 2017 (2017)
Liu, Y., Song, H.H., Bermudez, I., Mislove, A., Baldi, M., Tongaonkar, A.: Identifying personal information in internet traffic. In: COSN, pp. 59–70 (2015)
Xia, N., et al.: Mosaic: quantifying privacy leakage in mobile networks. In: SIGCOMM, pp. 279–290 (2013)
Xiang, C., Chen, Q., Xue, M., Zhu, H.: APPCLASSIFIER: automated app inference on encrypted traffic via meta data analysis. In: GLOBECOM, pp. 1–7 (2018)
Greengard, S.: Weighing the impact of GDPR. Commun. ACM 61(11), 16–18 (2018)
Li, H., Zhu, H., Du, S., Liang, X., Shen, X.: Privacy leakage of location sharing in mobile social networks: attacks and defense. IEEE Trans. Dependable Sec. Comput. 15(4), 646–660 (2018)
Li, H., Xu, Z., Zhu, H., Ma, D., Li, S., Xing, K.: Demographics inference through Wi-Fi network traffic analysis. In: INFOCOM, pp. 1–9 (2016)
Zhang, D., Guo, Y., Guo, D., Wang, R., Yu, G.: Contextual approach for identifying malicious inter-component privacy leaks in android apps. In: ISCC, pp. 228–235 (2017)
Tesfay, W.B., Hatamian, M., Serna, J., Rannenberg, K.: PrivacyBot: detecting privacy sensitive information in unstructured texts. In: ICICS 2018, p. 156 (2018)
Ferrara, P., Olivieri, L., Spoto, F.: Tailoring taint analysis to GDPR. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF 2018. LNCS, vol. 11079, pp. 63–76. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02547-2_4
Kammüller, F.: Attack Trees in Isabelle. In: ICICS, pp. 611–628 (2018)
Li, H., Zhu, H., Ma, D.: Demographic information inference through meta-data analysis of Wi-Fi traffic. IEEE Trans. Mob. Comput. 17(5), 1033–1047 (2018)
Zhou, L., Du, S., Zhu, H., Chen, C., Ota, K., Dong, M.: Location privacy in usage-based automotive insurance: attacks and countermeasures. IEEE Trans. Inf. Forensics Secur. 14, 196–211 (2018)
General Data Protection Regulation (GDPR). https://gdpr-info.eu
Acknowledgments
This work was supported in part by National Science Foundation of China under Grant 71671114 and Grant 61672350, and in part by the China Scholarship Council (201806230109).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Jia, Q., Zhou, L., Li, H., Yang, R., Du, S., Zhu, H. (2019). Who Leaks My Privacy: Towards Automatic and Association Detection with GDPR Compliance. In: Biagioni, E., Zheng, Y., Cheng, S. (eds) Wireless Algorithms, Systems, and Applications. WASA 2019. Lecture Notes in Computer Science(), vol 11604. Springer, Cham. https://doi.org/10.1007/978-3-030-23597-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-23597-0_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23596-3
Online ISBN: 978-3-030-23597-0
eBook Packages: Computer ScienceComputer Science (R0)