Unmasking Privacy Leakage through Android Apps Obscured with Hidden Permissions

Author(s): Pranav Kotak ◽ Shweta Bhandari ◽ Akka Zemmari ◽ Jaykrishna Joshi

2014 ◽ Vol 556-562 ◽ pp. 2658-2662
Author(s): Pu Han Zhang ◽ Jing Zhe Li ◽ Shuai Shao ◽ Peng Wang

The prevalence of Android makes it face severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effectively detect the privacy leakages across multiple method call instances.


Entropy ◽ 2021 ◽ Vol 23 (11) ◽ pp. 1489
Author(s): Guangwu Hu ◽ Bin Zhang ◽ Xi Xiao ◽ Weizhe Zhang ◽ Long Liao ◽ ...

Insecure applications (apps) are increasingly used to steal users’ location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app’s multiple features to dynamically analyze the pattern and deliver the final verdict about the app’s property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.


2020
Author(s): Alex Akinbi ◽ Ehizojie Ojie

BACKGROUND: Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data.

OBJECTIVE: The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information.

METHODS: We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app.

RESULTS: The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call.

CONCLUSIONS: The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.


Author(s): Henrique Neves da Silva ◽ Andre Takeshi Endo ◽ Marcelo Medeiros Eler ◽ Silvia Regina Vergilio ◽ Vinicius H. S. Durelli

2019 ◽ Vol 14 (2) ◽ pp. 1-29
Author(s): Oliviero Riganelli ◽ Daniela Micucci ◽ Leonardo Mariani

2021 ◽ Vol 17 (4) ◽ pp. 1-30
Author(s): Qiben Yan ◽ Jianzhi Lou ◽ Mehmet C. Vuran ◽ Suat Irmak

Precision agriculture has become a promising paradigm to transform modern agriculture. The recent revolution in big data and Internet-of-Things (IoT) provides unprecedented benefits including optimizing yield, minimizing environmental impact, and reducing cost. However, the mass collection of farm data in IoT applications raises serious concerns about potential privacy leakage that may harm the farmers’ welfare. In this work, we propose a novel scalable and private geo-distance evaluation system, called SPRIDE, to allow application servers to provide geographic-based services by computing the distances among sensors and farms privately. The servers determine the distances without learning any additional information about their locations. The key idea of SPRIDE is to perform efficient distance measurement and distance comparison on encrypted locations over a sphere by leveraging a homomorphic cryptosystem. To serve a large user base, we further propose SPRIDE+ with novel and practical performance enhancements based on pre-computation of cryptographic elements. Through extensive experiments using real-world datasets, we show SPRIDE+ achieves private distance evaluation on a large network of farms, attaining 3+ times runtime performance improvement over existing techniques. We further show SPRIDE+ can run on resource-constrained mobile devices, which offers a practical solution for privacy-preserving precision agriculture IoT applications.

