
Auditing Access to Private Data on Android Platform

  • Vishal Maral
  • Nachiket Trivedi
  • Manik Lal Das
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10722)

Abstract

App-based utility services on mobile phones have found enormous success in modern digital society. While App-based services on mobile platforms make life easy, the security and privacy concerns of Apps installed on a mobile phone pose a potential threat to its user. Users typically do not pay much attention at the time of App installation before accepting the privacy terms displayed on their mobile phone. In this paper, we present a security monitor, a user-level tool that detects events of sensitive data access by mobile Apps and alerts the user to any suspicious data access. The security monitor does not require Android root permission to run on the mobile platform; instead, it relies on adding hooks to the application package at the bytecode level. The experimental results show that the proposed security monitor can effectively detect private or sensitive data access by Apps with almost no overhead on the power consumption of the mobile phone or on App performance.

Keywords

Security monitor, Security vulnerability, Android Apps, Privacy


Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Vishal Maral (1)
  • Nachiket Trivedi (1)
  • Manik Lal Das (1)
  1. DA-IICT, Gandhinagar, India
