Automated Software Engineering

, Volume 22, Issue 3, pp 333–366 | Cite as

User-aware privacy control via extended static-information-flow analysis

  • Xusheng XiaoEmail author
  • Nikolai Tillmann
  • Manuel Fahndrich
  • Jonathan de Halleux
  • Michal Moskal
  • Tao Xie


Applications in mobile marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware-privacy-control approach, which reveals how private information is used inside applications. We compute static information flows and classify them as safe/unsafe based on a tamper analysis that tracks whether private data is obscured before escaping through output channels. This flow information enables platforms to provide default settings that expose private data for only safe flows, thereby preserving privacy and minimizing decisions required from users. We build our approach into TouchDevelop, an application-creation environment that allows users to write scripts on mobile devices and install scripts published by other users. We evaluate our approach by studying 546 scripts published by 194 users, and the results show that our approach effectively reduces the need to make access-granting choices to only 10.1 % (54) of all scripts. We also conduct a user survey that involves 50 TouchDevelop users to assess the effectiveness and usability of our approach. The results show that 90 % of the users consider our approach useful in protecting their privacy, and 54 % prefer our approach over other privacy-control approaches.


Mobile Application Privacy Control Information Flow Analysis Static Analysis 


  1. Askarov, A., Myers, A.: A semantic framework for declassification and endorsement. Programming Languages and Systems. LNCS, vol. 6012, pp. 64–84. Springer, Heidelberg (2010)Google Scholar
  2. Budi, A., Lo, D., Jiang, L., Lucia: Kb-anonymity: a model for anonymized behaviour-preserving test and debugging data. In: Proceedings of PLDI, pp. 447–457 (2011)Google Scholar
  3. Castro, M., Costa, M., Martin, J.-P.: Better bug reporting with better privacy. In: Proceedings of ASPLOS, pp. 319–328 (2008)Google Scholar
  4. Clause, J., Orso, A.: Camouflage: automated anonymization of field data. In: Proceedings of ICSE, pp. 21–30 (2011)Google Scholar
  5. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252 (1977)Google Scholar
  6. Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19, 236–243 (1976)CrossRefGoogle Scholar
  7. Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20, 504–513 (1977)CrossRefGoogle Scholar
  8. Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: detecting privacy leaks in iOS applications. In: Proceedings of NDSS (2011)Google Scholar
  9. Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of OSDI, pp. 1–6 (2010)Google Scholar
  10. Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of USENIX Security Symposium (2011)Google Scholar
  11. Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS, pp. 235–245 (2009)Google Scholar
  12. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of CCS (2011)Google Scholar
  13. Felt, A. P., Finifter, M., Chin, E., Hanna, S., and Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of SPSM, pp. 3–14 (2011)Google Scholar
  14. Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of WebApps (2011)Google Scholar
  15. Ferrante, J., Ottenstein, K.J.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. 9, 319–349 (1987)CrossRefGoogle Scholar
  16. Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of MCS, pp. 21–26 (2011)Google Scholar
  17. Grechanik, M., Csallner, C., Fu, C., Xie, Q.: Is data privacy always good for software testing? In: Proceedings of ISSRE, pp. 368–377 (2010)Google Scholar
  18. Heintze, N., Riecke, J.G.: The SLam calculus: Programming with secrecy and integrity. In: Proceedings of POPL, pp. 365–377 (1998)Google Scholar
  19. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of CCS, pp. 639–652 (2011)Google Scholar
  20. Howard, F.: Malware with your mocha: obfuscation and anti-emulation tricks inmalicious javascript. Accessed Sept 2011
  21. Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: Proceedings of NDSS, San Diego, CA, February (2011)Google Scholar
  22. Li, S., Xie, T., Tillmann, N.: A comprehensive field study of end-user programming on mobile devices. In: Proceedings of VL/HCC (2013)Google Scholar
  23. Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of POPL, pp. 228–241 (1999)Google Scholar
  24. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. 9(4), 410–442 (2000)CrossRefGoogle Scholar
  25. Roesner, F.: User-driven access control: a new model for granting permissions in modern operating systems. Qualifying Examination Project, University of Washington, June (2011)Google Scholar
  26. Roy, I., Porter, D.E., Bond, M.D., Mckinley, K.S., Witchel, E.: Laminar: practical fine-grained decentralized information flow control. In: Proceedings of PLDI, pp. 63–74 (2009)Google Scholar
  27. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Select. Areas Commun. 21, 5–19 (2002)CrossRefGoogle Scholar
  28. Saltzer, J. H., Schroeder, M. D.: The protection of information in computer systems. In: Proceedings of the IEEE, pp. 1278–1308 (1975)Google Scholar
  29. Shieh, S.-P., Gligor, V. D.: Auditing the use of covert storage channels in secure systems. In: Proceedings of Oakland, pp. 285–295 (1990)Google Scholar
  30. Taneja, K., Grechanik, M., Ghani, R., Xie, T.: Testing software in age of data privacy: a balancing act. In: Proceedings of ESEC/FSE, pp. 201–211 (2011)Google Scholar
  31. Tillmann, N., Moskal, M., de Halleux, J.: Touchdevelop - programming cloud-connected mobile devices via touchscreen. Microsoft Technical Report MSR-TR-2011-49 (2011)Google Scholar
  32. TouchDevelop. (2011). Accessed 21 Aug 2014
  33. Vidas, T., Christin, N., Cranor, L.: Curbing Android permission creep. In: Proceedings of W2SP, Oakland, CA, May (2011)Google Scholar
  34. Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., Schechter, S., Wang, X.: Privacy revelations for web and mobile apps. In: Proceedings of HotOS, pp. 21–21, Berkeley, CA, USA (2011). USENIX Association.Google Scholar
  35. Xiao, X., Tillmann, N., Fähndrich, M., de Halleux, J., Moskal, M.: User-aware privacy control via extended static-information-flow analysis. In: Proceedings of ASE, pp. 80–89 (2012)Google Scholar
  36. Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: Proceedings of USENIX Security (2006)Google Scholar
  37. Zhu, D.Y., Jung, J., Song, D., Kohno, T., Wetherall, D.: TaintEraser: Protecting sensitive data leaks using application-level taint tracking, pp. 142–154. SIGOPS Operating Systems Review (2011)Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Xusheng Xiao
    • 1
    Email author
  • Nikolai Tillmann
    • 2
  • Manuel Fahndrich
    • 2
  • Jonathan de Halleux
    • 2
  • Michal Moskal
    • 2
  • Tao Xie
    • 3
  1. 1.NEC Laboratories AmericaPrincetonUSA
  2. 2.Microsoft ResearchRedmondUSA
  3. 3.Department of Computer ScienceUniversity of Illinois at Urbana-ChampaignUrbanaUSA

Personalised recommendations