ISSN 0253-2778

CN 34-1054/N

open
Free to Publish. Free to Read.
Open AccessOpen Access JUSTC Original Paper

An approach to evaluate the effectiveness of privacy protection in Android system

  • 1.

    School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China

  • 2.

    Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Cite this: JUSTC, 2014, 44(10): 853-861
https://doi.org/10.3969/j.issn.0253-2778.2014.10.009
CSTR: 32290.14.j.issn.0253-2778.2014.10.009
More Information
  • Received Date: January 16, 2014
  • Revised Date: March 12, 2014
  • Accepted Date: March 12, 2014
  • Published Date: October 29, 2014
    Abstract
  • To protect private data in smart phones, Android enforces a permission-based security policy. PrivacyMiner, a tool for evaluating the effectiveness of privacy protection in Android, was designed. First, 22 categories of private data in smart phones were identified, which were then checked to see if Android could efficiently protect them from malware. PrivacyMiner was applied to 12 revisions of Android source code, and it was found that 7 categories of private data were not well protected, as Malware can read them and send them out without any permission. These vulnerabilities were verified on 6 Android devices with 6 revisions of Android, from 2.1 up to 4.4.2. Our findings were confirmed by the Android Security Team from Google.
    • FullText(HTML)
    References (26)
    Related Articles
    Track Citations

Catalog

    Get Citation
    {{if article.pdfAccess}}
    {{if article.articleBusiness.pdfLink && article.articleBusiness.pdfLink != ''}} {{else}} {{/if}}PDF
    {{/if}}
    XML
    [1]
    Apple Press Info. Apple s App Store Marks Historic 50 Billionth Download [EB/OL]. http://www.apple.com/pr/library/2013/05/16Apples-App-Store-Marks-Historic-50-Billionth-Download.html.
    [2]
    There have been 900 million Android activations, 48 billion app installs to date [EB/OL]. http://www.engadget.com/2013/05/15/900-million-android-activations/.
    [3]
    Enck W, Gilbert P, Chun B, et al. TaintDroid: An information-flow tracking system for realtime privacy monitoring on SmartPhones [C]// Proceedings of the 9th USENIX conference on Operating systems design and implementation. Berkley, USA: ACM Press. 2010, 10: 255-270.
    [4]
    Enck W, Octeau D, McDaniel P, et al. A study of android application security [C]// Proceedings of the 20th USENIX conference on Security. Berkley, USA: ACM Press 2011: 21.
    [5]
    Orthacker C, Teufl P, Kraxberger S, et al. Android security permissions — Can we trust them? [C]// International ICST Conference on Security and Privacy in Mobile Information and Communication Systems. Aalborg, Denmark: Springer, 2012: 40-51.
    [6]
    Zhou Y J, Jiang X X. Dissecting android malware: Characterization and evolution [C]// Proceedings of the 2012 IEEE Symposium on Security and Privacy. San Francisco, USA: IEEE Press, 2012: 95-109.
    [7]
    Chia P H, Yamamoto Y, Asokan N. Is this app safe? A large scale study on application permissions and risk signals [C]// Proceedings of the 21st International Conference on World Wide Web. Lyon, France: ACM Press, 2012: 311-320.
    [8]
    Android Company. Permissions in Android [EB/OL]. http://developer.android.com/reference/android/Manifest.permission.html.
    [9]
    Felt A P, Ha E, Egelman S, et al. Android permissions: User attention, comprehension, and behavior [C]// Proceedings of the 8th Symposium on Usable Privacy and Security. University of California, Berkeley, USA: ACM Press, 2012: Article No.3(1-14).
    [10]
    Lane M. Does the android permission system provide adequate information privacy protection for end-users of mobile apps? [C]// Proceedings of the 10th Australian Information Security Management Conference. Perth, Australia: ePrint, 2012: 66-73.
    [11]
    Chin E. Felt A P, Greenwood K, et al. Analyzing Inter-application communication in android [C]// Proceedings of the 9th International Conference on Mobile systems, applications, and services. Bethesda, USA: ACM Press, 2011: 239-252.
    [12]
    Kantola D, Chin E, He W D, et al. Reducing attack surfaces for intra-application communication in android [C]// Proceedings of the second ACM workshop on Security and privacy in SmartPhones and Mobile Devices. Raleigh, USA: ACM Press, 2012: 69-80.
    [13]
    Grace M, Zhou Y J, Wang Z, et al. Systematic detection of capability leaks in stock android SmartPhones [C]// Proceedings of the 19th Network and Distributed System Security Symposium. San Diego, USA: ACM Press, 2012.
    [14]
    Gibler C, Crussell J, Erickson J, et al. AndroidLeaks: Automatically detecting potential privacy leaks in android applications on a large scale [C]// Proceedings of the 5th International Conference on Trust and Trustworthy Computing. Vienna, Austria: Springer, 2012: 291-307.
    [15]
    Wei X T, Gomez L, Neamtiu L, et al. Permission evolution in the android ecosystem [C]// Proceedings of the 28th Annual Computer Security Applications Conference.Orlando, USA: ACM Press, 2012: 31-40.
    [16]
    Barrera D, Kayacik H G, van Oorschot P C, et al. A methodology for empirical analysis of permission-based security models and its application to android [C]// Proceedings of the 17th ACM Conference on Computer and Communications Security. Chicago, USA:ACM Press, 2010: 73-84.
    [17]
    Au K W Y, Zhou Y F, Huang Z, et al. PScout: analyzing the Android permission specification [C]// Proceedings of the 2012 ACM conference on Computer and Communications Security. Raleigh, USA: ACM Press, 2012: 217-228.
    [18]
    Zhou W, Zhou Y J, Jiang X X, et al. Detecting repackaged SmartPhone applications in third-party android marketplaces [C]// Proceedings of the Second ACM Conference on Data and Application Security and Privacy. San Antonio, USA: ACM Press, 2012: 317-326.
    [19]
    Zhou W, Zhang X W, Jiang X X. AppInk: Watermarking android apps for repackaging deterrence [C]// Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. Hangzhou, China: ACM Press, 2013: 1-12.
    [20]
    Felt A P, Chin E, Hanna S, et ala. Android permissions demystified [C]// Proceedings of the 18th ACM Conference on Computer and Communications Security. Chicago, USA:ACM Press, 2011: 627-638.
    [21]
    Chan P F, Hui C K, Yiu S M. DroidChecker: Analyzing android applications for capability leak [C]// Proceedings of the fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks. Tucson, USA: ACM Press, 2012: 125-136.
    [22]
    Gibler C, Crussell J, Erickson J, et al. AndroidLeaks: Automatically detecting potential privacy leaks in android applications on a large scale [C]// Proceedings of the 5th International Conference on Trust and Trustworthy Computing. Vienna, Austria: Springer, 2012: 291-307.
    [23]
    Enck W, Gilbert P, Chun B, et al. TaintDroid: An information-flow tracking system for realtime privacy monitoring on SmartPhones [C]// Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. Vancouver, Canada: USENIX Association, 2010, 10: 255-270.
    [24]
    Yang Z M, Yang M. Leakminer: Detect information leakage on android with static taint analysis [C]// Third World Congress on Software Engineering. Wuhan, China: IEEE Press, 2012: 101-104.
    [25]
    Yan L K, Yin H. Droidscope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis [C]// Proceedings of the 21st USENIX Security Symposium. Berkeley, USA: USENIX Association, 2012: 29.
    [26]
    Yang Z M, Yang M, Zhang Y, et al. Appintent: Analyzing sensitive data transmission in android for privacy leakage detection [C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. Scottsdale, USA, ACM Press, 2013: 1 043-1 054.

    Related Articles

    [1]Zhiya Chen, Yuxi Chen, Hong Zhang. Sensitivity analysis for causal mediation analysis with Mendelian randomization[J]. JUSTC, 2024, 54(12): 1204. DOI: 10.52396/JUSTC-2023-0055
    [2]Wu Jie, Zhou Jia, Zheng Zemin. Subgroup analysis for multi-response regression[J]. JUSTC, 2021, 51(3): 216-227. DOI: 10.52396/JUST-2021-0053
    [3]LI Delong, ZHANG Ke, CUI Shitang, TANG Zhiping. Quasi-static axial compression properties of circular tube with periodic holes[J]. JUSTC, 2019, 49(9): 731-739. DOI: 10.3969/j.issn.0253-2778.2019.09.006
    [4]MIAO Yuqing, GAO Han, LIU Tonglai, WEN Yimin. Sentiment analysis based on grid clustering[J]. JUSTC, 2016, 46(10): 874-882. DOI: 10.3969/j.issn.0253-2778.2016.10.012
    [5]ZHAO Yajuan. Reliability analysis of group experts and testing of evaluation outcomes[J]. JUSTC, 2016, 46(2): 165-172. DOI: 10.3969/j.issn.0253-2778.2016.02.010
    [6]HUANG Hui, LU Yuliang, LIU Lintao, ZHAO Jun. A research on control-flow taint information directed symbolic execution[J]. JUSTC, 2016, 46(1): 21-27. DOI: 10.3969/j.issn.0253-2778.2016.01.004
    [7]HUANG Hui, LU Yuliang, LIU Lintao, ZHAO Jun. A source code oriented static detection method for integer overflow defects[J]. JUSTC, 2015, 45(7): 601-607.
    [8]XIE Lixia, DAI Qikui, YANG Hongyu. A network self-protection mechanism based on multivariate abnormality analysis[J]. JUSTC, 2011, 41(10): 915-923. DOI: 10.3969/j.issn.0253-2778.2011.10.012
    [9]YIN Ruochun, YAO Zhengquan, LI Yinghua, WANG Changming. Test and preliminary analysis of porcelains from Shouzhou kiln[J]. JUSTC, 2011, 41(1): 22-28. DOI: 10.3969/j.issn.0253-2778.2011.01.004
    [10]ZHANG Tian-lin, CHEN Yu-hang, HUANG Wen-hao, WANG Xiang. Analysis of tip effects in nanoindentation[J]. JUSTC, 2009, 39(4): 403-408.
    TrendMD
    Volume 44 Issue 10 PP. 853-861
    Cover

    Article Metrics

    Article views (73) PDF downloads (194)

    Copyright © Editorial Office of JUSTC, All Rights Reserved. 皖ICP备05002528号

    Supported by: Beijing Renhe Information Technology Co., Ltd. Baidu Analytics

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return