Automating Privacy Testing of Smartphone Applications
نویسندگان
چکیده
Smartphones have revolutionized mobile computing, but have created concerns that many third-party mobile applications do not properly handle users’ privacy-sensitive data. In this paper, we propose AppInspector, an automated privacy validation system that analyzes apps and generates reports of potential privacy risks. A key insight is that distinguishing acceptable disclosures from privacy violations often requires analyzing the context in which data is transmitted. Just knowing that sensitive data has left a device is insufficient. We describe our vision for making smartphone apps more secure through automated testing and outline key challenges such as detecting and analyzing privacy violations, ensuring thorough test coverage, and scaling to large numbers of apps.
منابع مشابه
Privacy in location-based social networks: Researching the interrelatedness of scripts and usage
With the increasing adoption of smartphones, location-based social networks and applications gain widespread popularity. However, the disclosure of location information within these networks can cause privacy concerns among mobile users. In most of the research on privacy in location-based social networks, technology is researched as a context factor for explaining privacy related behavior. In ...
متن کاملIdentifying Educational Contents and Technical Features of a Self-Management Smartphone Application for Women with Breast Cancer
Background and Objective: Breast cancer patients need a variety of skills and abilities to deal with the consequences of the illness. Self-management is one of the operational strategies that leads to disease acceptance, treatment adherence, and improving the quality of life. The use of smartphone applications (apps) can play a pivotal role in the support and self-management of breast cancer pa...
متن کاملRevealing Privacy-Impacting Behavior Patterns of Smartphone Applications
Smartphone application usage impacts users’ privacy. However, due to the lack of an appropriate level of insight into sensitive information processing, users are not in the position to assess the extent of impact. In this paper, we propose an information-flow monitoring and privacy awareness-raising system that provides users with comprehensible information on how their privacy is impacted by l...
متن کاملSecurity and Privacy of Smartphone Messaging Applications1
In recent years mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to the security and privacy of these applications. Various security researchers and institutions have performed in-depth analyses of specific applications or vulnerabilities. This paper gives an overview of the status quo in term...
متن کاملAutomation of Smartphone Traffic Generation in a Virtualized Environment
Scalable and comprehensive analysis of rapidly evolving mobile device application traffic is extremely important but a challenging problem for the Deep Packet Inspection (DPI) engines to perform effective policy management. We present a test framework in which a test driver can automate/orchestrate traffic generation by invoking appropriate method (intent) of real mobile applications (as oppose...
متن کامل