Shuai Li,Zhemin Yang,Nan Hua,Peng Liu,Xiaohan Zhang,Guangliang Yang,Min Yang

DOI: https://doi.org/10.1145/3548606.3559371

2022-01-01

Abstract:ABSTRACTRecent years have witnessed the interesting trend that modern mobile apps perform more and more likely as user-to-user platforms, where app users can be freely and conveniently connected. Upon these platforms, rich and diverse data is often delivered across users, which brings users great conveniences and plentiful services, but also introduces privacy security concerns. While prior work has primarily studied illegitimate personal data collection problems in mobile apps, few paid little attention to the security of this emerging user-to-user platform feature, thus providing a rather limited understanding of the privacy risks in this aspect. In this paper, we focus on the security of the user-to-user platform feature and shed light on its caused insufficiently-studied but critical privacy risk, which is brought forward by cross-user personal data over-delivery (denoted as XPO). For the first time, this paper reveals the landscape of such XPO risk in wild, along with prevalence and severity assessment. To achieve this, we design a novel automated risk detection framework, named XPOChecker, that leverages the advantages of machine learning and program analysis to extensively and precisely identify potential privacy risks during user-to-user connections, and regulate whether the delivered data is legitimate or not. By applying XPOChecker on 13,820 real-world popular Android apps, we find that XPO is prevalent in practice, with 1,902 apps (13.76%) being affected. In addition to the mere exposure of diverse private user data which causes serious and broad privacy infringement, we demonstrate that the XPO exploits can invalidate privacy preservation mechanisms, leak business secrets, and even restore the sensitive membership of victims which potentially poses personal safety threats. Furthermore, we also confirm the existence of XPO risks in iOS apps for the first time. Last, to help understand and prevent XPO, we have responsibly launched two notification campaigns to inform the developers of the affected apps, with the conclusion of five underlying lessons from developers' feedback. We hope our work can make up for the deficiency of the understandings of XPO, help developers avoid XPO, and motivate further researches.

Chao Wu,Yike Guo

DOI: https://doi.org/10.1109/bigdata.2013.6691688

2013-01-01

Abstract:Personal data collection is becoming pervasive these days, these data has the risk of being abused by current application and application marketplace model, because only the price of application is explicitly indicated without clear agreement on usage of data, and the granularity of data access authentication is not enough to protect users privacy. In this short paper, we propose a new model of user data privacy. Data usage of the application is explicitly shown, and controlled by an authentication service, to protect users from the abuse of their data, especially in mobile application.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1007/978-3-319-08593-7_4

2014-01-01

Abstract:Modern smartphone apps tend to contain and use vast amounts of data that can be broadly classified as structured and unstructured. Structured data, such as an user's geolocation, has predefined semantics that can be retrieved by well-defined platform APIs. Unstructured data, on the other hand, relies on the context of the apps to reflect its meaning and value, and is typically provided by the user directly into an app's interface. Recent research has shown that third-party apps are leaking highly-sensitive unstructured data, including user's banking credentials. Unfortunately, none of the current solutions focus on the protection of unstructured data. In this paper, we propose an owner-centric solution to protect unstructured data on smartphones. Our approach allows the data owners to specify security policies when providing their untrusted data to third-party apps. It tracks the flow of information to enforce the owner's policies at strategic exit points. Based on this approach, we design and implement a system, called <Literal>DataChest</Literal>. We develop several mechanisms to reduce user burden and keep interruption to the minimum, while at the same time preventing the malicious apps from tricking the user. We evaluate our system against a set of real-world malicious apps and a series of synthetic attacks to show that it can successfully prevent the leakage of unstructured data while incurring reasonable performance overhead.

Jiangrong Wu,Yuhong Nan,Luyi Xing,Jiatao Cheng,Zimin Lin,Zibin Zheng,Min Yang

DOI: https://doi.org/10.14722/ndss.2024.24138

2024-01-01

Abstract:Cross-app content sharing is one of the prominent features widely used in mobile apps.For example, a short video from one app can be shared to another (e.g., a messaging app) and further viewed by other users.In many cases, such Crossapp content sharing activities could have privacy implications for both the sharer and sharee, such as exposing app users' personal interests.In this paper, we provide the first in-depth study on the privacy implications of Cross-app content sharing (as we call Cracs) activities in the mobile ecosystem.Our research showed that during the sharing process, the adversary can not only track and infer user interests as traditional web trackers but also cause other severe privacy implications to app users.More specifically, due to multiple privacy-intrusive designs and implementations of Cracs, an adversary can easily reveal a user's social relations to an outside party, or unnecessarily expose user identities and her associated personal data (e.g., user accounts in another app).Such privacy implications are indeed a concern for app users, as confirmed by a user study we have performed with 300 participants.To further evaluate the impact of our identified privacy implications at large, we have designed an automatic pipeline named Shark, combined with static analysis and dynamic analysis to effectively identify whether a given app introduces unnecessary data exposure in Cracs.We analyzed 300 top downloaded apps collected from app stores in both the US and China.The analysis results showed that over 55% of the apps from China and 10% from the US are indeed problematic.

Shuai Li,Zhemin Yang,Yunteng Yang,Dingyi Liu,Min Yang

DOI: https://doi.org/10.1109/tifs.2024.3356197

IF: 7.231

2024-02-14

IEEE Transactions on Information Forensics and Security

Abstract:With the characteristics of free installation and rich functionalities, mobile mini-apps have become more and more popular in people's daily life. A large amount of sensitive personal data is thus involved in them and shared across users for providing various services, which raises great privacy concerns. However, few researchers have paid attention to the potential privacy risks that may exist when user data is shared across users in mobile mini-apps. In this paper, we introduce a novel privacy risk that is brought forward by cross-user personal data over-delivery (denoted as XPO) in mobile mini-apps. Such a discovered privacy risk is demonstrated to be able to cause serious leakage of diverse user data. To detect XPO risk, a dynamic and lightweight mini-app analysis framework – XPOScope is proposed. XPOScope is able to automatically identify XPO risk at a large scale. By applying it to 4,273 mini-apps hosted on three popular platforms, i.e., WeChat, Baidu and Alipay, XPOScope reported 71 vulnerable ones, with a precision of 92.21% and a recall of 80.68%. In addition to the mere exposure of diverse private user data, case studies performed show that XPO in mini-apps can further lead to impersonation attacks, the infringement of employees' privacy, economic loss and even the leakage of sensitive business secrets. The results call for the awareness and actions of mobile mini-app developers to secure cross-user personal data delivery. The code of this work is available at https://github.com/ppflower/XPOScope.

computer science, theory & methods,engineering, electrical & electronic

Yun Shen,Pierre-Antoine Vervier,Gianluca Stringhini

DOI: https://doi.org/10.48550/arXiv.2102.12869

2021-02-25

Abstract:Mobile phones enable the collection of a wealth of private information, from unique identifiers (e.g., email addresses), to a user's location, to their text messages. This information can be harvested by apps and sent to third parties, which can use it for a variety of purposes. In this paper we perform the largest study of private information collection (PIC) on Android to date. Leveraging an anonymized dataset collected from the customers of a popular mobile security product, we analyze the flows of sensitive information generated by 2.1M unique apps installed by 17.3M users over a period of 21 months between 2018 and 2019. We find that 87.2% of all devices send private information to at least five different domains, and that actors active in different regions (e.g., Asia compared to Europe) are interested in collecting different types of information. The United States (62% of the total) and China (7% of total flows) are the countries that collect most private information. Our findings raise issues regarding data regulation, and would encourage policymakers to further regulate how private information is used by and shared among the companies and how accountability can be truly guaranteed.

Cryptography and Security

X. Sean Wang

DOI: https://doi.org/10.1007/978-3-642-39200-9_2

2013-01-01

Abstract:Data is increasingly available in a digital form, and data about us is being continuously collected. Such data has made possible many interesting and useful applications, and in essense made it possible for the Web to exist in the current form. Sharing this data makes a lot of sense for many reasons. However, personal privacy has become a concern. In this talk, I will touch upon a recent study of the privacy data leakage problem of mobile apps in China, and discuss various ways to protect user data.

Guang Yang,Shibo He,Junshan Zhang,Zhiguo Shi

DOI: https://doi.org/10.1109/tvt.2019.2950907

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsensing has been recognized as a promising data collection paradigm, in which a platform outsources sensing tasks to a large number of users. However, requesting users to report raw data may give rise to many practical concerns, such as a significant overhead of communication and central processing, besides users' privacy concerns. In many scenarios (e.g, advertising and recommendation), the data collector directly benefits from statistical aggregation of raw data. Thus motivated, we consider the data collection problem based on user's local histograms, which is intimately related to the fundamental trade-off between the platform's accuracy and users' privacy. Because of users' social relationship, their data are often correlated, indicating that users' privacy may be leaked from others' data. To tackle this challenge, we first utilize Gaussian Markov random fields to model the correlation structure embedded in users' data. The data collection is modeled as a Stackelberg game where the platform decides its reward policy and users decide their noise levels while taking into account the social coupling among users. For the reward policy design, we first establish the relationship between users' Nash equilibrium and the payment mechanism, and then optimize the platform's accuracy under a budget constraint. Further, since the noise levels are users' private information, they may use falsified noise levels to achieve higher payoffs, which in turn impairs the crowdsensing performance. It turns out that with the insight into the correlation structure among users' data, the information asymmetry can be overcome based on peer prediction. We revisit the payment mechanism to guarantee dominant truthfulness of each user's strategy. Theoretical analysis and numerical results demonstrate the effectiveness of the proposed mechanism.

Che Li,Yue Zhou,Shuang Li,Yaru Deng,Meng Zhang,Kanghui Wang

DOI: https://doi.org/10.1109/ICIS51600.2021.9516873

2021-06-23

Abstract:Privacy protection is a vital part of information security. However, the excessive collections and uses of personal information have intensified in the area of mobile apps (applications). To comprehend the current situation of APP personal information security problem of APP, this paper uses a combined approach of static analysis technology, dynamic analysis technology, and manual review to detect and analyze the installed file of mobile apps. 40 mobile apps are detected as experimental samples. The results demonstrate that this combined approach can effectively detect various issues of personal information security problem in mobile apps. Statistics analysis of the experimental results demonstrate that mobile apps have outstanding problems in some aspects of personal information security such as privacy policy, permission application, information collection, data storage, etc.

Computer Science

Zilong Liu,Xuequn Wang,Xiaohan Li,Jun Liu

DOI: https://doi.org/10.1145/3475797

2022-02-28

Abstract:Although individuals increasingly use mobile applications (apps) in their daily lives, uncertainty exists regarding how the apps will use the information they request, and it is necessary to protect users from privacy-invasive apps. Recent literature has begun to pay much attention to the privacy issue in the context of mobile apps. However, little attention has been given to designing the permission request interface to reduce individuals’ perceived uncertainty and to support their informed decisions. Drawing on the principal–agent perspective, our study aims to understand the effects of permission justification, certification, and permission relevance on users’ perceived uncertainty, which in turn influences their permission authorization. Two studies were conducted with vignettes. Our results show that certification and permission relevance indeed reduce users’ perceived uncertainty. Moreover, permission relevance moderates the relationship between permission justification and perceived uncertainty. Implications for theory and practice are discussed.

computer science, information systems, cybernetics

Yao Guo,Li Zhang,Xiangqun Chen

DOI: https://doi.org/10.1145/2646584.2646590

2014-01-01

Abstract:As the development of mobile devices and applications, mobile privacy has become a very important issue. Current researches on mobile privacy mainly focus on potential leakages on a particular device. However, leakage of sensitive data on a mobile device not only violates the privacy of the phone (or data) owner, but also violates the privacy of many other people whose information are contained in the data directly or indirectly (they are called data involvers). To address such problems, we introduce a collaborative privacy management framework, which aims to provide fine-grained data privacy protection for both data owners and data involvers in a distributed manner. Based on individual privacy policies specified by each user, a collaborative privacy policy is generated and enforced on different devices automatically. As a proof-of-concept prototype, we implement the proposed framework on Android and demonstrate its applicability with two case studies.

Jenny Tang,Hannah Shoemaker,Leah Teffera,Eleanor Birrell,Ada Lerner

DOI: https://doi.org/10.48550/arXiv.2211.07235

2022-11-14

Abstract:As technology and technology companies have grown in power, ubiquity, and societal influence, some companies -- and notably some mobile apps -- have come to be perceived as privacy threats. Prior work has considered how various factors impact perceptions of threat, including social factors, political speech, and user-interface design. In this work, we investigate how user-visible context clues impact perceptions about whether a mobile application application poses a privacy threat. We conduct a user study with 2109 users in which we find that users depend on context clues -- such as presence of advertising and occurrence (and timing of payment) -- to determine the extent to which a mobile app poses a privacy threat. We also quantify how accurately user assessments match published data collection practices, and we identify a commonly-held misconception about how payments are processed. This work provides new insight into how users assess the privacy threat posed by mobile apps and into social norms around data collection.

Human-Computer Interaction,Cryptography and Security

David Rodriguez,Jose M. Del Alamo,Celia Fernández-Aller,Norman Sadeh

DOI: https://doi.org/10.1109/access.2024.3349425

IF: 3.9

2024-01-01

IEEE Access

Abstract:In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve into this issue, this article describes an automated method to capture data-sharing practices in Android apps and assess their proper disclosure according to the EU General Data Protection Regulation. We applied the method to 9,000 random Android apps, unveiling an uncomfortable reality: over 80% of Android applications that transfer personal data off device potentially fail to meet GDPR transparency requirements. We further investigate the role of third-party libraries, shedding light on the source of this problem and pointing towards measures to address it.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaohan Zhang,Yang Wang,Xin Zhang,Ziqi Huang,Lei Zhang,Min Yang

DOI: https://doi.org/10.48550/arXiv.2306.08391

2023-06-14

Cryptography and Security

Abstract:Nowadays the app-in-app paradigm is becoming increasingly popular, and sub-apps have become an important form of mobile applications. WeChat, the leading app-in-app platform, provides millions of sub-apps that can be used for online shopping, financing, social networking, etc. However, privacy issues in this new ecosystem have not been well understood. This paper performs the first systematic study of privacy over-collection in sub-apps (denoted as SPO), where sub-apps actually collect more privacy data than they claim in their privacy policies. We propose a taxonomy of privacy for this ecosystem and a framework named SPOChecker to automatically detect SPO in real-world sub-apps. Based on SPOChecker, we collect 5,521 popular and representative WeChat sub-apps and conduct a measurement study to understand SPO from three aspects: its landscape, accountability, and defense methods. The result is worrisome, that more than half of all studied sub-apps do not provide users with privacy policies. Among 2,511 sub-apps that provide privacy policies, 489 (19.47%) of them contain SPO. We look into the detailed characteristics of SPO, figure out possible reasons and the responsibilities of stakeholders in the ecosystem, and rethink current defense methods. The measurement leads to several insightful findings that can help the community to better understand SPO and protect privacy in sub-apps.

Zhiyuan Wan,Lingfeng Bao,Debin Gao,Eran Toch,Xin Xia,Tamir Mendel,David Lo

DOI: https://doi.org/10.1145/3369819

2019-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:The rapid adoption of Smartphone devices has caused increasing security and privacy risks and breaches. Catching up with ever-evolving contemporary smartphone technology challenges leads older adults (aged 50+) to reduce or to abandon their use of mobile technology. To tackle this problem, we present AppMoD, a community-based approach that allows delegation of security and privacy decisions a trusted social connection, such as a family member or a close friend. The trusted social connection can assist in the appropriate decision or make it on behalf of the user. We implement the approach as an Android app and describe the results of three user studies (n=50 altogether), in which pairs of older adults and family members used the app in a controlled experiment. Using app anomalies as an ongoing case study, we show how delegation improves the accuracy of decisions made by older adults. Also, we show how combining decision-delegation with crowdsourcing can enhance the advice given and improve the decision-making process. Our results suggest that a community-based approach can improve the state of mobile security and privacy.

Peifu Yang,Yuhong Nan,Lei Xue,Yuliang Zhang,Juan Zhai,Zibin Zheng

DOI: https://doi.org/10.1109/jiot.2024.3432778

2024-01-01

Abstract:The rapid advancement of intelligent connected vehicles (ICVs) in the automotive sector has significantly intensified security and privacy issues. Particularly, the previous studies have indicated that the ICV users (owners) are deeply concerned about the extensive data gathered by these vehicles. However, current research into vehicle security predominantly concentrates on the analysis and discussion of sensitive data from ICVs of specific brands or models. There is a notable lack of studies that conduct a comprehensive, large-scale investigation into the sensitive data collected by ICVs and assess the privacy implications of such data collection. In this article, we undertake an extensive investigation to comprehend the privacy risks associated with Internet-connected vehicles (ICVs) through their companion mobile apps. To accomplish this, we have devised a semi-automatic pipeline leveraging program analysis and large language model (LLM) to identify and track sensitive data across these apps. Specifically, we begin by constructing a detailed knowledge base of ICV sensitive data extracted from the privacy policies of companion apps. Subsequently, we conduct static analysis on the car companion apps, pinpointing instances of sensitive data usage within the app code and analysing their potential privacy risks. Our analysis, covering 401 car companion apps spanning 271 unique vehicle brands, unveils several noteworthy findings concerning the usage of user sensitive data in the ICV ecosystem. For instance, various entities within the ICV ecosystem collect a wide array of sensitive data, including brake status, passenger occupancy, and insurance details. Alarmingly, we discover that 37.91% of car companion apps fail to adequately disclose their data usage practices. Moreover, we observe extensive involvement of entities beyond vehicle manufacturers in the handling of vehicle sensitive data, including data analytics companies, charging service providers, and cloud service vendors.

Jody Farnden,Ben Martini,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.48550/arXiv.1505.02906

2015-05-12

Abstract:Dating apps for mobile devices, one popular GeoSocial app category, are growing increasingly popular. These apps encourage the sharing of more personal information than conventional social media apps, including continuous location data. However, recent high profile incidents have highlighted the privacy risks inherent in using these apps. In this paper, we present a case study utilizing forensic techniques on nine popular proximity-based dating apps in order to determine the types of data that can be recovered from user devices. We recover a number of data types from these apps that raise concerns about user privacy. For example, we determine that chat messages could be recovered in at least half of the apps examined and, in some cases, the details of any users that had been discovered nearby could also be extracted.

Computers and Society

Wei YANG,Xusheng XIAO,Dengfeng LI,Huoran LI,Xuanzhe LIU,Haoyu WANG,Yao GUO,Tao XIE

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.001

2016-01-01

Abstract:With the increasing popularity of mobile apps, security incidents of mobile apps frequently occur. Accurately identifying security threats among billions of mobile apps has become an important and difficult topic in information secu-rity. In the meantime, the increasing number of mobile apps leads to a massive amount of mobile security data, which ena-bles security analytics for mobile apps. In this article, we illustrate recent research achievements on mobile security ana-lytics from five different perspectives:User Interface (UI) analytics, identification of repackage apps, consistency check-ing between apps functionality and security behaviors, context-sensitive detection of malicious behaviors, and client app management/usage. We also discuss future directions on security analytics for mobile apps, along with challenges in these directions.

Christos Perentis,Michele Vescovi,Chiara Leonardi,Corrado Moiso,Mirco Musolesi,Fabio Pianesi,Bruno Lepri

DOI: https://doi.org/10.1145/3017431

IF: 5.3

2017-05-28

ACM Transactions on Internet Technology

Abstract:The wide adoption of mobile devices and social media platforms have dramatically increased the collection and sharing of personal information. More and more frequently, users are called to make decisions concerning the disclosure of their personal information. In this study, we investigate the factors affecting users’ choices toward the disclosure of their personal data, including not only their demographic and self-reported individual characteristics, but also their social interactions and their mobility patterns inferred from months of mobile phone data activity. We report the findings of a field study conducted with a community of 63 subjects provided with (i) a smart-phone and (ii) a Personal Data Store (PDS) enabling them to control the disclosure of their data. We monitor the sharing behavior of our participants through the PDS and evaluate the contribution of different factors affecting their disclosing choices of location and social interaction data. Our analysis shows that social interaction inferred by mobile phones is an important factor revealing willingness to share, regardless of the data type. In addition, we provide further insights on the individual traits relevant to the prediction of sharing behavior.

computer science, information systems, software engineering

Yuan Zhang,Qingjun Chen,Sheng Zhong

DOI: https://doi.org/10.1109/TIFS.2016.2515513

2016-01-01

Abstract:Mobile phone sensing provides a promising paradigm for collecting sensing data and has been receiving increasing attention in recent years. Different from most existing works, which protect participants’ privacy by hiding the content of their data and allow the aggregator to compute some simple aggregation functions, we propose a new approach to protect participants’ privacy by delinking data from its sources. This approach allows the aggregator to get the exact distribution of the data aggregation and, therefore, enables the aggregator to efficiently compute arbitrary/complicated aggregation functions. In particular, we first present an efficient protocol that allows an untrusted data aggregator to periodically collect sensed data from a group of mobile phone users without knowing which data belong to which user. Assume there are $n$ users in the group. Our protocol achieves $n$ -source anonymity in the sense that the aggregator only learns that the source of a piece of data is one of the $n$ users. Then, we consider a practical scenario where users may have different source anonymity requirements and provide a solution based on dividing users into groups. This solution optimizes the efficiency of data aggregation and meets all users’ requirements at the same time.