Abstract
App-based utility service on mobile phone has found enormous success in modern digital society. While App-based services on mobile platform make life easy, security and privacy concern of App installed on mobile phone poses a potential threat to user of mobile phone. Users typically do not pay much attention at the time of App installation before accepting the privacy terms display on his/her mobile phone. In this paper, we present a security monitor, a user level tool to detect the events of sensitive data access by mobile Apps and alert user for any suspicious data access. The security monitor does not require the Android root permission to run on mobile platform, instead, it relies on adding hooks to the application package at the bytecode level. The experimental results show that the proposed security monitor can effectively detect private or sensitive data access of Apps with almost no overhead on power consumption of mobile phone and App performance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
SilverPush Android Apps. https://public.addonsdetector.com/silverpush-android-apps/
Oberheide, J.: Disecting the Android Bouncer. http://jon.oberheide.org/files/summercon12-bouncer.pdf
Oulehla, M.: Investigation into Google Play security mechanisms via experimental botnet. In: Proceedings of IEEE International Symposium on Signal Processing and Information Technology, pp. 591–596 (2015)
Batyuk, L., Herpich, M., Camtepe, S.A., Raddatz, K., Schmidt, A., Albayrak, S.: Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In Proceedings of International Conference on Malicious and Unwanted Software, pp. 66–72 (2011)
Qian, Q., Cai, J., Xie, M., Zhang, R.: Malicious behavior analysis for android applications. Int. J. Netw. Secur. 18(1), 182–192 (2016)
Ma, S., Tang, Z., Xiao, Q., Liu, J., Duong, T.T., Lin, X., Zhu, H.: Detecting GPS information leakage in Android applications. In: Proceedings of Global Communications Conference, pp. 826–831 (2013)
Chen, C., Lin, J., Lai, G.: Detecting mobile application malicious behaviors based on data flow of source code. In: Proceedings of International Conference on Trustworthy Systems and their Applications, pp. 1–6 (2014)
Yerima, S.Y., Sezer, S., McWilliams, G., Muttik, I.: A new android malware detection approach using Bayesian classification. In: Proceedings of International Conference on Advanced Information Networking and Applications, pp. 121–128 (2013)
Sahs, J., Khan, L.: A machine learning approach to android malware detection. In: Proceedings of Intelligence and Security Informatics, pp. 141–147 (2012)
Zhao, M., Zhang, T., Ge, F., Yuan, Z.: RobotDroid: a lightweight malware detection framework on smartphones. J. Netw. 7(4), 715–722 (2012)
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2), 5 (2014)
Roshandel, R., Tyler, R.: User-centric monitoring of sensitive information access in Android applications. In: Proceedings of International Conference on Mobile Software Engineering and Systems, pp. 144–145 (2015)
Jia, P., He, X., Liu, L., Gu, B., Fang, Y.: A framework for privacy information protection on Android. In: Proceedings of International Conference on Computing, Networking and Communications, pp. 1127–1131 (2015)
Berthome, P., Fecherolle, T., Guilloteau, N., Lalande, J.: Repackaging android applications for auditing access to private data. In: Proceedings of International Conference on Availability, Reliability and Security, pp. 388–396 (2012)
De Montjoye, Y., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility, vol. 3, p. 1376. Nature Publishing Group (2013)
Fu, H., Yang, Y., Shingte, N., Lindqvist, J., Gruteser, M.: A field study of run-time location access disclosures on android smartphones. In: Proceedings of Workshop on Usable Security 2014 (2014)
Fawaz, K., Feng, H., Shin, K.G.: Anatomization and protection of mobile apps location privacy threats. In: Proceedings of USENIX Security Symposium, pp. 753–768 (2015)
Arora, A., Garg, S., Peddoju, S.K.: Malware detection using network traffic analysis in android based mobile devices. In: Proceedings of International Conference on Next Generation Mobile Apps, Services and Technologies, pp. 66–71 (2014)
Song, Y., Hengartner, U.: PrivacyGuard: a VPN-based platform to detect information leakage on android devices. In: Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26 (2015)
Android Developer Preview. https://developer.android.com
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Maral, V., Trivedi, N., Das, M.L. (2018). Auditing Access to Private Data on Android Platform. In: Negi, A., Bhatnagar, R., Parida, L. (eds) Distributed Computing and Internet Technology. ICDCIT 2018. Lecture Notes in Computer Science(), vol 10722. Springer, Cham. https://doi.org/10.1007/978-3-319-72344-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-72344-0_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72343-3
Online ISBN: 978-3-319-72344-0
eBook Packages: Computer ScienceComputer Science (R0)