Advertisement

Detecting Privacy Information Abuse by Android Apps from API Call Logs

  • Katsutaka Ito
  • Hirokazu Hasegawa
  • Yukiko Yamaguchi
  • Hajime Shimada
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11049)

Abstract

In these years, the use of smartphones is spreading. Android is the most major smartphone OS in the world, and there are a lot of third-party application stores for Android. Such third-party stores make it easy to install third-party applications. However, these applications may access and obtain privacy information, in addition to their major functions. There is a survey showing that most users do not take good care of the settings about how their privacy information is handled by applications. Thus, privacy information abuse by authorized application is becoming a serious problem. In this paper, we propose a method to detect applications that access privacy information unrelated to their functionalities by analyzing API call logs, which can reveal the activities of the application. In order to record API call logs, we modified the Android source code, and run the rebuilt system on an emulator. We analyzed applications’ API call logs with a statistical method, based on the frequency of privacy information accessing and network activities.

Keywords

Android API call logs Privacy information leakage 

References

  1. 1.
    International Data Corporation. Smartphone OS marcket share. https://www.idc.com/promo/smartphone-market-share/os
  2. 2.
    Information technology Promotion Agency. A survey of awareness of the threat of information security in 2016. http://www.ipa.go.jp/files/000056568.pdf. (in Japanese)
  3. 3.
    Kim, J., Yoon, Y., Yi, K., Shin, J.: Scandal: static analyzer for detecting privacy leaks in android applications. In: Mobile Security Technologies, vol. 12 (2012)Google Scholar
  4. 4.
    Hosoya, R., Tsunoda, Y., Mori, T., Saito, T.: Measurement study of the privacy information collected by mobile apps. In: Computer Security Symposium, pp. 553–560, September 2017. (in Japanese)Google Scholar
  5. 5.
    Mann, C., Starostin, A.: A framework for static detection of privacy leaks in android applications. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing, pp. 1457–1462 (2012)Google Scholar
  6. 6.
    Han, C., Matsumoto, S., Kawamoto, J., Sakurai, K.: Classified by the API call record and personal information leakage detection of android malware. Inf. Process. Soc. Jpn. 3A–4, 1–8 (2016). (in Japanese)Google Scholar
  7. 7.
    Hatada, M., Mori, T.: Detecting android PUAs and classifying its variants with analysis of DNS queries. In: Computer Security Symposium, pp. 1068–1075, September 2017. (in Japanese)Google Scholar
  8. 8.
    Do, Q., Martini, B., Choo, K.-K.R.: Enhancing user privacy on android mobile devices via permissions removal. In: 2014 47th Hawaii International Conference on System Sciences (HICSS), pp. 5070–5079 (2014)Google Scholar
  9. 9.
    Gibler, C., Crussell, J., Erickson, J., Chen, H.: Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale. In: International Conference on Trust and Trustworthy Computing, pp. 291–307 (2012)CrossRefGoogle Scholar
  10. 10.
    Zhang, M., Yin, H.: Efficient, context-aware privacy leakage confinement for android applications without firmware modding. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 259–270 (2014)Google Scholar
  11. 11.
    Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: International Conference on Information Security, pp. 346–360 (2010)Google Scholar
  12. 12.
    Chen, Y., Khandaker, M., Wang, Z.: Pinpointing vulnerabilities. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 334–345 (2017)Google Scholar
  13. 13.
    Chen, Y., Zhang, Y., Wang, Z., Xia, L., Bao, C., Wei, T.: Adaptive android kernel live patching. In: Proceedings of the 26th USENIX Security Symposium (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Katsutaka Ito
    • 1
  • Hirokazu Hasegawa
    • 2
  • Yukiko Yamaguchi
    • 3
  • Hajime Shimada
    • 3
  1. 1.Graduate School of InformaticsNagoya UniversityNagoyaJapan
  2. 2.Information Strategy OfficeNagoya UniversityNagoyaJapan
  3. 3.Information Technology CenterNagoya UniversityNagoyaJapan

Personalised recommendations