Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1007/978-3-319-08593-7_4

2014-01-01

Abstract:Modern smartphone apps tend to contain and use vast amounts of data that can be broadly classified as structured and unstructured. Structured data, such as an user's geolocation, has predefined semantics that can be retrieved by well-defined platform APIs. Unstructured data, on the other hand, relies on the context of the apps to reflect its meaning and value, and is typically provided by the user directly into an app's interface. Recent research has shown that third-party apps are leaking highly-sensitive unstructured data, including user's banking credentials. Unfortunately, none of the current solutions focus on the protection of unstructured data. In this paper, we propose an owner-centric solution to protect unstructured data on smartphones. Our approach allows the data owners to specify security policies when providing their untrusted data to third-party apps. It tracks the flow of information to enforce the owner's policies at strategic exit points. Based on this approach, we design and implement a system, called <Literal>DataChest</Literal>. We develop several mechanisms to reduce user burden and keep interruption to the minimum, while at the same time preventing the malicious apps from tricking the user. We evaluate our system against a set of real-world malicious apps and a series of synthetic attacks to show that it can successfully prevent the leakage of unstructured data while incurring reasonable performance overhead.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1109/noms.2016.7502850

2016-01-01

Abstract:Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone thefts is increasing at a rapid speed. As a result, there is an imperative need to protect sensitive data on lost or stolen mobile devices. In this work, we develop a practical solution to protect sensitive data on mobile devices. Our solution enables adaptive protection by pro-actively stepping up or stepping down data security based on perceived contextual risk of the device. We realize our solution for the Android platform in the form of a system called AppShell. AppShell does not require root privilege, nor need any modification to the underlying framework, and hence is a ready-to-deploy solution. It supports both in-memory and on-disk data protection by transparently encrypting the data, and discarding the encryption key, when required, for enhanced protection. We implement a working prototype of AppShell and evaluate it against several popular Android apps. Our results show that AppShell can successfully protect sensitive data in the lost devices with a reasonable performance overhead.

Xiao Xuan,Ye Wang,Shanping Li

DOI: https://doi.org/10.1109/repa.2014.6894842

2014-01-01

Abstract:Nowadays mobile devices have rapidly developed. Privacy protection for mobile operating systems has become a hot topic in industry and research, which also brings new challenges. The scenarios in mobile operating systems are different from those in tradition systems. Users of mobile systems face more and more new risks in new scenarios. On the other hand, personal data is growing exponentially every day. It reminds us the importance of privacy protection is also increasing at the same time.In this paper, we study the privacy patterns for mobile operating systems. We elicit privacy-related requirements in three ways - knowledge from domain experts, literature review on public documents of existing mature systems and feedback from real users. Based on these requirements, we propose 7 privacy patterns which are presented with the RePa Requirements Pattern Template. All of these patterns were refined by professional business analysts which concrete the result of our work. We believe that our findings can help business analysts with the description for privacy requirements in future mobile operating system development projects.

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1109/sate.2016.13

2016-01-01

Abstract:As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach to better infer permissions that an API needs. In this work, to improve the effectiveness of the prior work, we propose an approach which is based on collaborative filtering technique, one of popular techniques used to build recommendation systems. Our approach is designed based on the intuition that apps that have similar features - inferred from the APIs that they use - usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, which is a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in terms of the precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.

DAI Wei,ZHENG Tao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.09.074

2012-01-01

Abstract:The privacy mode in Android has some defects and is lack of effective mechanisms to prevent loss of privacy between applications.This paper proposed a new privacy protection model by using the fine-grained permissions and privacy data tainting.Firstly the method could prevent loss of privacy from a single application by dynamically configuring the permissions in a fine-grained manner.By leveraging the track of the tainted privacy data it could prohibit the propagation of the privacy data between applications which had different permissions on the accordingly privacy tag.Repeatly experimental tests show the model is able to effectively protect the privacy of data within the Android application,and to detect the privilege escalation attacks between applications so as to isolate the private data.As a result,the full range of private data within Android is in protection,and leads a new direction for related research in the future.

Hao Zhou,Haoyu Wang,Xiapu Luo,Ting Chen,Yajin Zhou,Ting Wang

DOI: https://doi.org/10.14722/ndss.2022.23166

2022-01-01

Abstract:—Due to the complexity resulted from the huge code base and the multi-context nature of Android, inconsistent access control enforcement exists in Android, which can be exploited by malware to bypass the access control and perform unauthorized security-sensitive operations. Unfortunately, existing studies only focus on the inconsistent access control enforcement in the Java context of Android. In this paper, we conduct the first systematic investigation on the inconsistent access control enforcement across the Java context and native context of Android. In particular, to automatically discover cross-context inconsistencies, we design and implement IAceFinder , a new tool that extracts and contrasts the access control enforced in the Java context and native context of Android. Applying IAceFinder to 14 open-source Android ROM s, we find that it can effectively uncover their cross-context inconsistent access control enforcement. Specifically, IAceFinder discovers 23 inconsistencies that can be abused by attackers to compromise the device and violate user privacy.

Mike Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2011-01-01

Abstract:Recent years have witnessed increased popularity and adoption of smartphones partially due to the functionalities and convenience offered to their users (e.g., the ability to run third-party applications). To manage the amount of access given to smartphone applications, Android provides a permission-based security model, which requires each application to explicitly request permissions before it can be installed to run. In this paper, we systematically analyze eight flagship Android smartphones from leading manufacturers, including HTC, Motorola, and Samsung and found out that the stock phone images do not properly enforce the permission model. Several privileged permissions that protect the access to sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not need to request them for the actual use, a security violation termed capability leak in this paper. To facilitate identifying these capability leaks, we take a static analysis approach and have accordingly developed a system called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting these leaked capabilities, an untrusted application can manage to wipe out the user data, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations on the affected phones – all without the need of asking for any permission.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

Guangdong Bai,Liang Gu,Tao Feng,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1007/978-3-642-16161-2_19

2010-01-01

Abstract:The security of smart phones is increasingly important due to their rapid popularity. Mobile computing on smart phones introduces many new characteristics such as personalization, mobility, pay-for-service and limited resources. These features require additional privacy protection and resource usage constraints in addition to the security and privacy concerns on traditional computers. As one of the leading open source mobile platform, Android is also facing security challenges from the mobile environment. Although many security measures have been applied in Android, the existing security mechanism is coarse-grained and does not take into account the context information, which is of particular interest because of the mobility and personality of a smart phone device.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hongqi He,Shuiqiao Yang

DOI: https://doi.org/10.1109/cit.2016.14

2016-01-01

Abstract:As the number of smart devices continues to grow dramatically, programmes and data handled by such smart devices have become the primary targets of hackers and malwares. ARM-Android is the most widespread platform for smart devices. Access to privacy-and security-relevant parts of the API is controlled by the corresponding permission in a manifest. However, while requesting access to permissions, these applications may offer opportunities to malicious codes to gain access to other inaccessible resources which will cause a series of security issues. Recently, many researchers focus on the permission-based mechanism which restricts accesses of users and applications to critical resources on an ARM-Android device. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our permission-based security architecture on ARM-Android platform. We propose an usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension. In contrast to previous work, the proposed security architecture provides a flexible mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness in mitigating permission leakage vulnerabilities.

Luyun Li,Shengling Wang,Junqi Guo,Rongfang Bie,Kai Lin

DOI: https://doi.org/10.1007/978-3-319-42836-9_35

2016-01-01

Abstract:The sensing capabilities of the smart phones gave birth to context-aware applications, which can provide personalized services based on users’ contexts. Since context-aware applications may sell contexts to some malicious third-parties, the exposure of contexts will handicap the development of context-aware applications in large scale. Nevertheless, it is challenging to solve the context privacy issue, because the users of the context-aware applications should trade off between service quality and privacy exposure. Nowadays, most privacy protection techniques for mobile applications neglect the context preservation. Meanwhile, limited work on context privacy doesn’t consider the applications’ strategies, which are key factors on user’s context privacy preservation. In this paper, we make a tradeoff analysis on behaviours of the user, the application and the adversary, and then we use extensive form game to formulate the decision-marking process of these three parties. After constructing payoff functions for them, we solve and analyse their Nash equilibriums. Our study shows that the key of context privacy preservation is to establish a sound reputation mechanism for context-aware applications, through which the issue of context privacy can be eliminated utterly. As a consequence, a trust between users and mobile applications can be built.

Hao Wu,Zheng Qin,Xuejin Tian,Edward Sun,Fengyuan Xu,Sheng Zhong

DOI: https://doi.org/10.1109/dsc47296.2019.8937600

2019-01-01

Abstract:Android, which accounts for 76.08% of the market(1), is the most popular and widely used mobile system today. Users install various applications from different sources and for different functionalities to get all sorts of services. Since smartphones carry a large amount of private user information, their security has been widely concerned in recent years. Android uses permissions to restrict the behaviors of applications and protect system resources and user privacy, such as location, password, and contact list carried on mobile devices. The research community has previously explored a variety of methods to enhance the permission system with the help of the system context and application program. However, such methods cannot address the permission violation issues raised by resources sharing, e.g., screen sharing and clipboard sharing, which are designed for more convenient human-computer interactions. In this work, we perform several proof-of-concept attacks on resources sharing to illustrate the deficiencies in the permission control system. We believe that the cause of these issues is that the permission control system does not fully understand the user's intentions. Then, we propose a non-intrusive user-action based permission control system, which can achieve more precise permission control by mining the user's intentions when operating the device.

Shengling Wang,Luyun Li,Weiman Sun,Junqi Guo,Rongfang Bie,Kai Lin

DOI: https://doi.org/10.3390/s17020339

2017-02-10

Abstract:In a context sensing system in which a sensor-equipped mobile phone runs an unreliable context-aware application, the application can infer the user's contexts, based on which it provides personalized services. However, the application may sell the user's contexts to some malicious adversaries to earn extra profits, which will hinder its widespread use. In the real world, the actions of the user, the application and the adversary in the context sensing system affect each other, so that their payoffs are constrained mutually. To figure out under which conditions they behave well (the user releases, the application does not leak and the adversary does not retrieve the context), we take advantage of game theory to analyze the context sensing system. We use the extensive form game and the repeated game, respectively, to analyze two typical scenarios, single interaction and multiple interaction among three players, from which Nash equilibriums and cooperation conditions are obtained. Our results show that the reputation mechanism for the context-sensing system in the former scenario is crucial to privacy preservation, so is the extent to which the participants are concerned about future payoffs in the latter one.

Jie Gu,Yunjie (Calvin) Xu,Heng Xu,Cheng Zhang,Hong Ling

DOI: https://doi.org/10.1016/j.dss.2016.10.002

IF: 6.969

2017-01-01

Decision Support Systems

Abstract:In the mobile age, protecting users' information from privacy-invasive apps becomes increasingly critical. To precaution users against possible privacy risks, a few Android app stores prominently disclose app permission requests on app download pages. Focusing on this emerging practice, this study investigates the effects of contextual cues (perceived permission sensitivity, permission justification and perceived app popularity) on Android users' privacy concerns, download intention, and their contingent effects dependent on users' mobile privacy victim experience. Drawing on Elaboration Likelihood Model, our empirical results suggest that perceived permission sensitivity makes users more concerned about privacy, while permission justification and perceived app popularity make them less concerned. Interestingly, users' mobile privacy victim experience negatively moderates the effect of permission justification. In particular, the provision of permission justification makes users less concerned about their privacy only for those with less mobile privacy victim experience. Results also reveal a positive effect of perceived app popularity and a negative effect of privacy concerns on download intention. This study provides a better understanding of Android users' information processing and the formation of their privacy concerns in the app download stage, and proposes and tests emerging privacy protection mechanisms including the prominent disclosure of app permission requests and the provision of permission justifications. We focus on Android users' privacy decision-making in app download stage.Perceived permission sensitivity makes users more concerned for privacy.Permission justification makes users less concerned for privacy.Perceived app popularity make users less concerned for privacy.Mobile privacy victim experience reduces the alleviating effect of permission justification on privacy concerns.

Fang He,Jun Tao

DOI: https://doi.org/10.1109/icears53579.2022.9751938

2022-03-16

Abstract:This article aims to design and implement a smart phone data protection application based on a cloud computing platform to improve data security and prevent data loss and sensitive data leakage. In view of the current state of smart phone data security, on the basis of studying the platform and its development key technologies, mobile platform information security technology, backup strategy, encryption and decryption technology, and cloud computing technology, proprietary communication protocols and tunneling protocols are used. Comprehensive use of layered design, identity verification, and encryption to ensure the security of the transmission channel from both &quot;content encryption&quot; and &quot;channel encryption&quot;, and the security has increased by 7.6%.

Xiangyu Liu,Zhe Zhou,Wenrui Diao,Zhou Li,Kehuan Zhang

DOI: https://doi.org/10.1007/978-3-319-18467-8_36

2015-01-01

Abstract:With millions of apps provided from official and third-party markets, Android has become one of the most active mobile platforms in recent years. These apps facilitate people's lives in a broad spectrum of ways but at the same time touch numerous users' information, raising huge privacy concerns. To prevent leaks of sensitive information, especially from legitimate apps to malicious ones, developers are encouraged to store users' sensitive data into private folders which are isolated and securely protected. But for non-sensitive data, there is no specific guideline on how to manage them, and in many cases, they are simply stored on public storage which lacks fine-grained access control and is almost open to all apps.Such storage model appears to be capable of preventing privacy leaks, as long as the sensitive data are correctly identified and kept in private folders by app developers. Unfortunately, this is not true in reality. In this paper, we carry out a thorough study over a number of Android apps to examine how the sensitive data are handled, and the results turn out to be pretty alarming: most of the apps we surveyed fail to handle the data correctly, including extremely popular apps. Among these problematic apps, some directly store the sensitive data into public storage, while others leave non-sensitive data on public storage which could give out users' private information when being combined with data from other sources. An adversary can exploit these leaks to infer users' location, friends and other information without requiring any critical permission. We refer to both types of data as "non-shared" data, and argue that Android's storage model should be refined to protect the non-shared data if they are saved to public storage. In the end, we propose several approaches to mitigate such privacy leaks.

LU Wenxiong,WANG Haoyu

DOI: https://doi.org/10.11959/j.issn.2096-0271.2020003

IF: 3.3

2020-01-01

Big Data Research

Abstract:Mobile systems,such as Android,use permission-based access control mechanism,which is at the granularity of each application.Apart from the code from developers themselves,applications also contain code from third-party libraries,which has led to serious overuse of application permissions.A novel origin-based (similar to browsers) and fine-grained control mechanism was introduced,which broke the boundary between applications in terms of access control and finegrained the granularity to the level of code source.The mechanism was implemented onto Android framework,and a set of tools to modify applications were also offered.Experiment results suggest that system can allow (or limit) certain developers to execute certain sensitive behaviors.

Min Yang,Jianjun Zhang

2012-01-01

Abstract:Most mobile devices are now based on the Android operating system platform with almost all applications(called apps) downloaded from a few centralized software distribution sites,called marketplaces.However,the lack of effective security vetting mechanisms as well as the Android openness means that the marketplaces may unintentionally be hosting many apps developed by third parties who intend to manipulate and collect user privacy data for a variety of purposes.This paper reports an empirical study of the privacy leakage problem for about 330 of the most popular apps from seven representative Android marketplaces in China.A two-step process was used to minimize false alarms with each app initially examined by a static analysis tool and,if this examination reported suspicious code segments,the app was then tracked dynamically within a controlled run-time environment to identify the actual privacy leakage.The evaluation results show that more than 58% of the apps lead privacy data without user consent.

Gulshan Shrivastava,Prabhat Kumar

DOI: https://doi.org/10.1007/s12667-019-00359-7

2019-10-10

Energy Systems

Abstract:The extensive use of android systems in today's era has led to a growth in malware related issues. This problem is majorly caused because of the open environment of the Android framework which eases the use of third-party applications and allows them to run smoothly on an Android device. Communication between various processes also permits the reprocess of component crosswise process boundaries. This structure enables access to various delicate services within the Android framework. In this paper, we analyze samples of clean and malware applications based on permission and intent modeling. Here we have structured the rule-based mathematical modelling based on permission and intent to identify the untrustworthy permission and intent list.