Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis
نویسندگان
چکیده
A static analysis is presented, based on the theory of abstract interpretation, for verifying privacy policy compliance by mobile applications. This includes instances where, for example, the application releases the user’s location or device ID without authorization. It properly extends previous work on datacentric semantics for verification of privacy policy compliance by mobile applications by (i) tracking implicit information flow, and (ii) performing a quantitative analysis of information leakage. This yields to a novel combination of qualitative and quantitative analyses of information flows in mobile applications.
منابع مشابه
Detection of Illegal Control Flow in Android System: Protecting Private Data Used by Smartphone Apps
Today, security is a requirement for smartphone operating systems that are used to store and handle sensitive information. However, smartphone users usually download third-party applications that can leak personal data without user authorization. For this reason, the dynamic taint analysis mechanism is used to control the manipulation of private data by third-party apps [9]. But this technique ...
متن کاملAutomated Analysis of Privacy Requirements for Mobile Apps
Mobile apps have to satisfy various privacy requirements. App publishers are often obligated to provide a privacy policy and notify users of their apps’ privacy practices. But how can we tell whether an app behaves as its policy promises? In this study we introduce a scalable system to help analyze and predict Android apps’ compliance with privacy requirements. Our system is not only intended f...
متن کاملDetecting Privacy Leaks in Android Apps
The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect...
متن کاملDoes the Android Permission System Provide Adequate Information Privacy Protection for End-users of Mobile Apps?
This paper investigates the Android permission system and its adequacy in alerting end-users of potential information privacy risks in an app. When an end-user seeks to install an app, they are presented with the required permissions and make a supposedly informed decision as to whether to install that app based on the permissions presented. The results from an analysis of ten popular apps indi...
متن کاملAlde: Privacy Risk Analysis of Analytics Libraries in the Android Ecosystem
While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. He...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015