mPrivacy: A Privacy Policy Engine and Safeguard Mechanism in Mobile Devices
Within the scope of mobile privacy, there are many attack methods that can leak users’ private information. The communication between applications can be used to violate permissions and access private information without asking for the user’s authorization. Hence, many researchers made protection mechanisms against privilege escalation. However, attackers can further utilize inference algorithms to derive new information out of available data or improve the information quality without violating privilege limits. In this work. we describe the notion of Information Escalation Attack and propose a detection and protection mechanism using Inference Graph and Policy Engine for the user to control their policy on the App’s privilege in information escalation. Our implementation results show that the proposed privacy protection service is feasible and provides good useability.