Mike Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2011-01-01

Abstract:Recent years have witnessed increased popularity and adoption of smartphones partially due to the functionalities and convenience offered to their users (e.g., the ability to run third-party applications). To manage the amount of access given to smartphone applications, Android provides a permission-based security model, which requires each application to explicitly request permissions before it can be installed to run. In this paper, we systematically analyze eight flagship Android smartphones from leading manufacturers, including HTC, Motorola, and Samsung and found out that the stock phone images do not properly enforce the permission model. Several privileged permissions that protect the access to sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not need to request them for the actual use, a security violation termed capability leak in this paper. To facilitate identifying these capability leaks, we take a static analysis approach and have accordingly developed a system called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting these leaked capabilities, an untrusted application can manage to wipe out the user data, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations on the affected phones – all without the need of asking for any permission.

Yajin Zhou,Xuxian Jiang

2013-01-01

Abstract:In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-app data or inadvertently manipulate certain security-sensitive in-app settings or configurations that may subsequently cause serious system-wide side effects (e.g., blocking all incoming phone calls or SMS messages). To assess the prevalence of these two vulnerabilities, we analyze 62, 519 apps collected in February 2012 from various Android markets. Our results show that among these apps, 1, 279 (2.0%) and 871 (1.4%) of them are susceptible to these two vulnerabilities, respectively. In addition, we find that 435 (0.7%) and 398 (0.6%) of them are accessible from official Google Play and some of them are extremely popular with more than 10, 000, 000 installs. The presence of a large number of vulnerable apps in popular Android markets as well as the variety of private data for leaks and manipulation reflect the severity of these two vulnerabilities. To address them, we also explore and examine possible mitigation solutions.

Dong-zi YAN,Yi-jun WANG,Zhi XUE,Ling HU

DOI: https://doi.org/10.3969/j.issn.1002-0802.2016.12.024

2016-01-01

Abstract:With the increasingly powerful mobile terminal, a variety of APP applications have seeped into every aspect of people's daily lives. Especially with the rapid development of location-based service (Location Based Service, referred to as LBS), the people with share thinking usually ignore the security risk of privacy breach in APP application while sharing their own state and conveniently acguiring others, information. For those reasons, the security risk analysis is done on the application based on LBS. And aiming at access to personal information and the location information of the user via reverse engineering, code location and function reconstruction, and further analysis on acguired private data of the user, some suggestions are proposed for security strengthening in prevention of data leakage risk.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

ZHAO Da-peng,LIANG Lei,TIAN Xiu-xia,WANG Xiao-ling

DOI: https://doi.org/10.3969/j.issn.1000-5641.2015.05.003

2015-01-01

Abstract:In recent years,with the rapid increase in the number of GPS-enabled mobile devices,location-based services(LBS)applications grow explosively,such as finding the nearest gas station or restaurants within one kilometer and so on.Users benefit from convenience of LBS.However,many privacy issues draw people's attention gradually.Acomprehensive understanding of existing privacy protection work in the location-based services is important for researchers to grasp the present research status,the future development directionsand the challenges.We give a deep survey of the recent improvement in LBS,which mainly focus on existing attacking models,privacy protection model,measure model and datasets.What′s more,we classifies the existing attacking model and privacy protection model and made comparisons based on different features.Finally unsolved problems and future development are also discussed.

Guangwu Hu,Bin Zhang,Xi Xiao,Weizhe Zhang,Long Liao,Ying Zhou,Xia Yan

DOI: https://doi.org/10.3390/e23111489

2021-11-10

Abstract:Insecure applications (apps) are increasingly used to steal users' location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app's multiple features to dynamically analyze the pattern and deliver the final verdict about the app's property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.

Nai-Wei Lo,Kuo-Hui Yeh,Chuan-Yen Fan

DOI: https://doi.org/10.1109/jsyst.2014.2364202

IF: 4.802

2016-12-01

IEEE Systems Journal

Abstract:How to identify and manage information leakage of user privacy is a very crucial and sensitive topic for handheld mobile device manufacturers, telecommunication companies, and mobile device users. As the success of a financial fraud usually requires possessing a victim's private information, new types of personal identity theft and private information acquirement attack are developed and deployed along with various Apps in order to steal personal private information from mobile device users. With more than 50% of smartphone market share, Android-based mobile phone vendors and Internet service providers have to face the new challenge on user privacy management. In this paper, we present a user privacy analysis framework for an Android platform called LRPdroid. The goals of LRPdroid are to achieve information leakage detection, user privacy disclosure evaluation, and privacy risk assessment for Apps installed on Android-based mobile devices. With a formally defined user privacy model, LRPdroid can effectively support mobile users to manage their own privacy risks on targeted Apps. In addition, new privacy analysis viewpoints such as user perception and leakage awareness are introduced in LRPdroid. Two general App usage scenarios are evaluated with our system prototype to show the feasibility and practicability of the LRPdroid framework on user privacy management.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Zhao-guo WANG,Cheng-long LI,Luo-shi ZHANG,Ji-bao ZHANG,Yi GUAN,Yi-bo XUE

DOI: https://doi.org/10.3969/j.issn.0372-2112.2015.09.011

2015-01-01

Abstract:The increasing presence of Android privacy leakages poses a significant privacy risk for Android smartphone users.This paper proposes a privacy leakage detection method based on behavior chain,which can achieve the fine-grained location of the source and points of the information leakage.With the WxShall algorithm,we can calculate the accessibility between the leak-age source and leakage points,and detect the transfer path of privacy in Android applications.The detections of 1259 Android appli-cations show that the accuracy of this algorithm reaches 95.1% and the complexity accounts for 5.45% of WarShall algorithm.The results of the experiments demonstrate that the method is better than Androgurad and Kirin.

Shuang Zhao,Xiapu Luo,Bo Bai,Xiaobo Ma,Wei Zou,Xinliang Qiu,Man Ho Au

DOI: https://doi.org/10.1007/978-3-319-40253-6_1

2016-01-01

Abstract:Mobile social apps have been changing the way people interact with each other in the physical world. To help people extend their social networks, Location-Based Social Network LBSN apps e.g., Wechat, SayHi, Momo that encourage people to make friends with nearby strangers have gained their popularity recently. They provide a \"Nearby\" feature for a user to find other users near him/her. While seeing other users, the user, as well as his/her coarse-grained relative location, will also be visible in the \"Nearby\" feature of other users. Leveraging this observation, in this paper, we model the location probing attacks, and propose three approaches to perform large-scale such attacks on LBSN apps. Moreover, we apply the new approaches in the risk assessment of eight popular LBSN apps, each of which has millions of installation. The results demonstrate the severity of such attacks. More precisely, our approaches can collect a huge volume of users' location information effectively and automatically, which can be exploited to invade users' privacy. This study sheds light on the research of protecting users' private location information.

Stylianos Monogios,Konstantinos Limniotis,Nicholas Kolokotronis,Stavros Shiaeles

DOI: https://doi.org/10.1007/978-3-030-37545-4_3

2021-09-08

Abstract:The Android unrestricted application market, being of open source nature, has made it a popular platform for third-party applications reaching millions of smart devices in the world. This tremendous increase in applications with an extensive API that includes access to phone hardware, settings, and user data raises concerns regarding users privacy, as the information collected from the apps could be used for profiling purposes. In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present. Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services without providing adequate or precise information to the users. Moreover, as they are using third-party libraries, they suffer from the intra-library collusion issue, that could be exploited from advertising and analytics companies through apps and gather large amount of personal information without the explicit consent of the user.

Cryptography and Security

Qiuyu Xiao,Jiayi Chen,Le Yu,Huaxin Li,Haojin Zhu,Muyuan Li,Kui Ren

DOI: https://doi.org/10.1145/2660267.2662367

2014-01-01

Abstract:The mobile users are facing a serious risk of losing location privacy (e.g., users' location information transmitted by open advertisement network, and the reported event of involuntary tracking of mobile users in popular mobile social apps). In this study, we design and implement LocMask, a system-level solution that provides location privacy protection in Android system. LocMask achieves the tradeoff of the privacy and the utility of location based services by providing the Quality of Protection (QoP) on demand, which sets different privacy protection levels to different locations based on how sensitive these locations are. Motivated by the fact that Top locations (e.g, user's home or office) are more sensitive than less visiting locations, LocMask provides location profile management module that records the user's mobility history and ranks the locations in terms of the user's visiting frequency. With users' location profiles, LocMask can automatically determines the sensitiveness of these locations as well as their corresponding privacy protection level. LocMask is also designed to incorporate various obfuscation techniques. The effectiveness of LocMask is supported by extensive real-world data based evaluations.

Jiezhen Tang,Hui Zhu,Rongxing Lu,Xiaodong Lin,Hui Li,Fengwei Wang

DOI: https://doi.org/10.1109/jiot.2021.3115849

IF: 10.6

2022-05-01

IEEE Internet of Things Journal

Abstract:As a straightforward consequence of advances in the Internet of Things (IoT), location-based service (LBS) applications have been pervasive in our daily lives. Nevertheless, since those LBS applications will continuously collect and disclose users' location data, major concerns on privacy leakage are raised. Aiming at the challenge, in this article, we first build up a detect module (DM) and employ it to investigate more than 80% of LBS applications are keen on tracking users. Then, to thwart the threats from those LBS applications, we exploit the deceptive dummy techniques and design a dummy-based location privacy preserving scheme, named dummy location provider (DLP), which comprises three algorithms, namely, Spread, Shift, and Switch. Specifically, Spread and Shift are in charge of generating deceptive dummies and trajectories. And with Switch, users' real locations are replaced with dummy trajectories before being submitted to LBS applications. As a result, users can not only prevent applications from accessing location data arbitrarily, but also avoid being questioned by applications in terms of honesty. Furthermore, to guarantee necessary functions of LBS, DLP offers customizable privacy-preserving strategies for users, which can achieve flexible location data usage control. Finally, our DLP can also attain achievable and effortless deployment over smart devices. Detailed security analysis indicates that DLP resists inference attacks even facing skeptical applications. In addition, for performance evaluation, a DLP application (DLPA) is developed on the Android platform and tested in the real environment, and the extensive experimental results demonstrate that the DLPA is indeed effective and high efficiency in practice.

computer science, information systems,telecommunications,engineering, electrical & electronic

YANG Guang-liang,GONG Xiao-rui,YAO Gang,HAN Xin-hui

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.23.001

2012-01-01

Abstract:To detect user’s privacy leakage in Android software,this paper proposes an automated detection system based on dynamic taint tracking,called TaintChaser.TaintChaser can detect behaviors of user’s data leakage in Android applications under test at a fine granularity,and the system also can analyze and test massive Android software in the automatic way.It uses TaintChaser to automatically analyze 28 369 popular Android applications and finds that 24.69% of them may leak user’s privacy.

Tao Liu,Zhushou Tang,Beijun Shen

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.03.070

2015-01-01

Abstract:When Android becomes the smartphone operating system with largest global market share,the malicious applications is booming on its platform.In particular,privacy leak problems in Android applications are getting worsening.With the development of technology,the concealment of privacy leaks in Android applications grows high increasingly,and its detection becomes more and more difficult as well,for instance,using reflection technique to hide the privacy leak operations.Facing such challenge,in this paper we detect and analyse the pseu-do-code of Android applications and propose a new analysis approach for detecting the reflection callings occurring in pseudo-code.Through re-constructing the reflection calling’s arguments and restoring it to the standard calling,we make the reflection calling explicit,so that those privacy leak behaviours which cannot be found and confirmed previously are detected.Based on this work,we design and implement a static detection tool for Android applications privacy leak.At last,the effectiveness of the proposed approach and tool is validated by the experi-ments and analyses on benign applications from Android market and the malicious applications collected from Internet.

Fang-Jing Wu,Matthias R. Brust,Yan-Ann Chen,Tie Luo

DOI: https://doi.org/10.48550/arXiv.1808.01010

2018-08-02

Networking and Internet Architecture

Abstract:Mobile location-based services (LBSs) empowered by mobile crowdsourcing provide users with context-aware intelligent services based on user locations. As smartphones are capable of collecting and disseminating massive user location-embedded sensing information, privacy preservation for mobile users has become a crucial issue. This paper proposes a metric called privacy exposure to quantify the notion of privacy, which is subjective and qualitative in nature, in order to support mobile LBSs to evaluate the effectiveness of privacy-preserving solutions. This metric incorporates activity coverage and activity uniformity to address two primary privacy threats, namely activity hotspot disclosure and activity transition disclosure. In addition, we propose an algorithm to minimize privacy exposure for mobile LBSs. We evaluate the proposed metric and the privacy-preserving sensing algorithm via extensive simulations. Moreover, we have also implemented the algorithm in an Android-based mobile system and conducted real-world experiments. Both our simulations and experimental results demonstrate that (1) the proposed metric can properly quantify the privacy exposure level of human activities in the spatial domain and (2) the proposed algorithm can effectively cloak users' activity hotspots and transitions at both high and low user-mobility levels.

Muyuan Li,Haojin Zhu,Zhaoyu Gao,Si Chen,Kui Ren,Le Yu,Shangqian Hu

DOI: https://doi.org/10.1145/2632951.2632953

2013-01-01

Abstract:Location-based social networks (LBSNs) feature friend discovery by location proximity that has attracted hundreds of millions of users world-wide. While leading LBSN providers claim the well-protection of their users' location privacy, for the first time we show through real world attacks that these claims do not hold. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. We further develop an automated user location tracking system and test it on leading LBSNs including Wechat, Skout, and Momo. We demonstrate its effectiveness and efficiency via a 3 week real-world experiment on 30 volunteers and show that we could geo-locate any target with high accuracy and readily recover his/her top 5 locations. Finally, we also develop a framework that explores a grid reference system and location classifications to mitigate the attacks. Our result serves as a critical security reminder of the current LBSNs pertaining to a vast number of users.

Michael C. Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2012-01-01

Abstract:Recent years have witnessed a meteoric increase in the adoption of smartphones. To manage information and features on such phones, Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run. In this paper, we analyze eight popular Android smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications which do not need to request them for the actual use. To identify these leaked permissions or capabilities, we have developed a tool called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting them, an untrusted application can manage to wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.

Giuseppe Ateniese,Briland Hitaj,Luigi V. Mancini,Nino V. Verde,Antonio Villani

DOI: https://doi.org/10.48550/arXiv.1505.07774

2015-09-04

Abstract:News reports of the last few years indicated that several intelligence agencies are able to monitor large networks or entire portions of the Internet backbone. Such a powerful adversary has only recently been considered by the academic literature. In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of a LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider. We performed a thorough analysis of a widely deployed location based app that comes pre-installed with many Android devices: GoogleNow. The results are encouraging and highlight the importance of devising more effective countermeasures against powerful adversaries to preserve the privacy of LBS users.

Cryptography and Security

Xiaoyu Sun,Xiao Chen,Kui Liu,Sheng Wen,Li Li,John Grundy

DOI: https://doi.org/10.1109/issre52982.2021.00058

2021-10-01

Abstract:While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

Hongyi Chen,Ho-fung Leung,Biao Han,Jinshu Su

DOI: https://doi.org/10.1109/icc.2017.7996335

2017-01-01

Abstract:Android apps frequently leak private data off the device with or without intentions. Researchers have proposed a large number of methods, for example, static and dynamic analysis methods, to pick out the apps which tend to leak private data. However, they are only able to identify part of private data leakage vulnerabilities, due to the dynamic features in codes or code coverage problem. This paper presents a novel hybrid approach that can find out more private data leakages than the existing static or dynamic methods. The approach, realized in a tool, called HybriDroid, which employs both static and dynamic analysis methods to extract the models of each apps, and then refines the behavior model to a more adequate one according to the dynamic analysis result. As a consequence, HybriDroid inherits the advantages of both static and dynamic analysis methods, which not only achieves a high code coverage, but also can deal with the dynamic features in codes. The evaluation results show that HybriDroid is effective in detecting privacy leakages for both inter-and intra-app communication. Comparing with the existing methods, it can achieve considerable improvements in data leakage detection performance with a 97.8% precision and 90% recall on the selected apps from DroidBench 3.0 test suite.