DAPA: Degradation-Aware Privacy Analysis of Android Apps

  • Gianluca Barbon
  • Agostino Cortesi
  • Pietro Ferrara
  • Enrico Steffinlongo
Conference paper

DOI: 10.1007/978-3-319-46598-2_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)
Cite this paper as:
Barbon G., Cortesi A., Ferrara P., Steffinlongo E. (2016) DAPA: Degradation-Aware Privacy Analysis of Android Apps. In: Barthe G., Markatos E., Samarati P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham

Abstract

When installing or executing an app on a smartphone, we grant it access to part of our (possibly confidential) data stored in the device. Traditional information-flow analyses aim to detect whether such information is leaked by the app to the external (untrusted) environment. The static analyser we present in this paper goes one step further. Its aim is to trace not only if information is possibly leaked (as this is almost always the case), but also how relevant such a leakage might become, as an under- and over-approximation of the actual degree of values degradation. The analysis captures both explicit dependences and implicit dependences, in an integrated approach. The analyser is built within the Abstract Interpretation framework on top of our previous work on datacentric semantics for verification of privacy policy compliance by mobile applications. Results of the experimental analysis on significant samples of the DroidBench library are also discussed.

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Gianluca Barbon
    • 1
  • Agostino Cortesi
    • 2
  • Pietro Ferrara
    • 3
  • Enrico Steffinlongo
    • 2
  1. 1.Université Grenoble Alpes - Inria - LIGGrenobleFrance
  2. 2.Università Ca’ FoscariVeniceItaly
  3. 3.Julia SrlVeronaItaly

Personalised recommendations