Efficient, context-aware privacy leakage confinement for android applications without firmware modding

Mu Zhang, Heng Yin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

40 Scopus citations

Abstract

As Android has become the most prevalent operating system in mobile devices, privacy concerns in the Android platform are increasing. A mechanism for efficient runtime enforcement of informationflow security policies in Android apps is desirable to confine privacy leakage. The prior works towards this problem require firmware modification (i.e., modding) and incur considerable runtime overhead. Besides, no effective mechanism is in place to distinguish malicious privacy leakage from those of legitimate uses. In this paper, we take a bytecode rewriting approach. Given an unknown Android app, we selectively insert instrumentation code into the app to keep track of private information and detect leakage at runtime. To distinguish legitimate and malicious leaks, we model the user's decisions with a context-aware policy enforcement mechanism. We have implemented a prototype called Capper and evaluated its efficacy on confining privacy-breaching apps. Our evaluation on 4723 real-world Android applications demonstrates that Capper can effectively track and mitigate privacy leaks. Moreover, after going through a series of optimizations, the instrumentation code only represents a small portion (4.48% on average) of the entire program. The runtime overhead introduced by Capper is also minimal, merely 1.5% for intensive data propagation.

Original languageEnglish (US)
Title of host publicationASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages259-270
Number of pages12
ISBN (Electronic)9781450328005
DOIs
StatePublished - Jun 4 2014
Event9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014 - Kyoto, Japan
Duration: Jun 4 2014Jun 6 2014

Other

Other9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014
CountryJapan
CityKyoto
Period6/4/146/6/14

Keywords

  • Android
  • Bytecode rewriting
  • Context-aware policy
  • Privacy leakage

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems

Fingerprint Dive into the research topics of 'Efficient, context-aware privacy leakage confinement for android applications without firmware modding'. Together they form a unique fingerprint.

  • Cite this

    Zhang, M., & Yin, H. (2014). Efficient, context-aware privacy leakage confinement for android applications without firmware modding. In ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (pp. 259-270). Association for Computing Machinery, Inc. https://doi.org/10.1145/2590296.2590312