Abstract
Modern mobile devices provide a wide variety of services. Users are able to access these services for many sensitive tasks relating to their everyday lives (e.g., finance, home, or contacts). However, these services also provide new attack surfaces to attackers. Many efforts have been devoted to protecting mobile users from privacy leakage. In this work, we study state-of-the-art techniques for the detection and protection of privacy leakage and discuss the evolving trends of privacy research.
Author information
Additional information
This work is supported by the Science and Technology Commission of Shanghai Municipality (No. 15511103003), the National Natural Science Foundation of China (No. 61602121), and the Open Project of Beijing Key Laboratory of IoT Information Security Technology (No. J6V0011104).
ZHANG Lei was born in Henan Province. He received the B.E. degree in electronic engineering from Fudan University, Shanghai, China. He is now a Ph.D. candidate in computer science and technology at Fudan University. His research interests include system security and privacy leakage. (Email: lei_zhangl4@fudan.edu.cn)
YANG Zhemin [corresponding author] is a Lecturer with Software School, Fudan University, Shanghai, China. He received the B.Sc. and Ph.D. degrees in computer science from Fudan University, in 2007 and 2012, respectively. His research interests are in system security and program analysis techniques. (Email: yangzhemin@fudan.edu.cn)
Cite this article
Zhang, L., Zhu, D., Yang, Z. et al. A survey of privacy protection techniques for mobile devices. J. Commun. Inf. Netw. 1, 86–92 (2016). https://doi.org/10.1007/BF03391582