Detecting Privacy Leaks in Android Apps
Authors
Abstract
The number of Android apps has grown explosively in recent years, and the number of apps leaking private data has also grown. It is necessary to make sure that apps do not leak private data before they are put on the app markets, and therefore a privacy leak detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems, related to inter-component communication (ICC), the lifecycle of components, and the callback mechanism, that make the CFG imprecise. To bridge this gap, we explicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks, and also inter-app privacy leaks.
Similar resources
Using An Instrumentation based Approach to Detect Inter-Component Leaks in Android Apps
The success of the Android OS in its user base as well as in its developer base can partly be attributed to its communication model, named Inter-Component Communication (ICC), which promotes the development of loosely-coupled applications. By dividing applications into components that can exchange data within a single application and across several applications, Android encourages software reus...
Android Privacy Leak Detection via Dynamic Taint Analysis
Android is a popular Linux-based smartphone operating system designed by Google. One of the primary advantages of Android is its relatively high level of security, centered on Unix processes and an explicit permissions system. Unfortunately, Android devices are still vulnerable to several types of attacks, a particularly concerning one being privacy leaks. Since devices store a large amount of s...
Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting
Serious concerns have been raised about stealthy disclosures of private user data in smartphone apps, and recent research efforts in mobile security have studied various mechanisms to detect privacy disclosures. However, existing approaches are not effective in informing users and security analysts about potential privacy leakage threats. This is because these methods largely fail to 1) provide...
Detecting Passive Content Leaks and Pollution in Android Applications
In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-ap...
A Longitudinal Study of PII Leaks Across Android App Versions
Is mobile privacy getting better or worse over time? In this paper, we address this question by studying privacy leaks from historical and current versions of 512 popular Android apps, covering 7,665 app releases over 8 years of app version history. Through automated and scripted interaction with apps and analysis of the network traffic they generate on real mobile devices, we identify how priv...