Advertisement

Real-Time Monitoring of Privacy Abuses and Intrusion Detection in Android System

  • Shancang LiEmail author
  • Junhua Chen
  • Theodoros Spyridopoulos
  • Panagiotis Andriotis
  • Robert Ludwiniak
  • Gordon Russell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)

Abstract

In this paper, we investigated the definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems, which may be very useful for identifying the malicious apps from ’normal’ apps. We also investigated the injection technology, service binding, and service proxy in Android system, which are widely used by normal apps to steal privacy information. A real-time monitoring system (app) is developed on Android system to monitor potential privacy data abuse. The app is able to monitor permission requests for all installed apps as well as analyse the potential privacy abuse behaviors.

Keywords

Mobile Device Service Manager Short Message Service Proxy Service Original Service 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

This work was partially supported by the European Unions Prevention of and Fight against Crime Programme “Illegal Use of Internet” - ISEC 2010 Action Grants (HOME/ 2010/ISEC/AG/INT-002).

References

  1. 1.
    Chen, J.: Realtime monitoring of private data abuses in android system. M.Sc. Thesis, University of Bristol, September 2014Google Scholar
  2. 2.
    Ong, J.: Report: android reached record 85% smartphone market share in Q2 (2014). Xiaomi now fifth-largest vendor. http://thenextweb.com/google/2014/07/31/android-reached-record-85-smartphone-market-share-q2-2014-report/ (2014). Accessed 4 August 2014
  3. 3.
    Zhou, Y., Singh, K., Jiang, X.: Owner-centric protection of unstructured data on smartphones. In: Proceedings of the 7th International Conference on Trust and Trustworthy Computing (TRUST 2014), Crete, Greece, June 2014Google Scholar
  4. 4.
    Zhou, W., Wang, Z., Zhou, Y., Jiang, X.: DIVILAR: diversifying intermediate language for anti-repackaging on android platform. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014), San Antonio, TX, March 2014Google Scholar
  5. 5.
    Kelly, J.: Report: 97% Of mobile malware is on android. This is the easy way you stay safe. http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/ (2014). Accessed 4 August 2014
  6. 6.
    Tang, W., Jin, G., He, J., Jiang, X.: Extending android security enforcement with a security distance model. In: IEEE 2011 International Conference on Internet Technology and Applications (iTAP), pp. 1–4 (2011)Google Scholar
  7. 7.
    Google play: clueful privacy advisor. Available from: https://play.google.com/store/apps/ (2014). Accessed 22 July 2014
  8. 8.
    Google play.: privacy scanner (Antispy) free. Available from: https://play.google.com/store/apps/details?id=net.hobbyapplications.privacyscanner (2014). Accessed 24 July 2014
  9. 9.
    Androids permissions system is broken and google just made it worse. Available from: http://www.howtogeek.com/177904/androids-permissions-system-is-broken-and-google-just-made-it-worse/ (2015). Accessed 15 February 2015
  10. 10.
    Gates, C.S., Chen, J., Li, N., Proctor, R.W.: Effective risk communication for android apps. IEEE Trans. Dependable Secur. Comput. 11(3), 252–265 (2014)CrossRefGoogle Scholar
  11. 11.
    Mobile safe. Available from: https://play.google.com/store/apps/details?id=com.qihoo360.mobilesafe (2014). Accessed 1 September 2014
  12. 12.
    Gargenta, A.: Deep Dive into android IPC binder framework at android builders summit. Available from: http://events.linuxfoundation.org/images/stories/slides/abs2013_gargentas.pdf (2013). Accessed 26 April 2014
  13. 13.
    Jiang, D., Fu, X., Song, M., Cui, Y: A security assessment method for android applications based on permission model. In: 2012 IEEE 2nd International Conference on Cloud Computing and Intelligent Systems (CCIS), vol. 2, pp. 701–705 (2012)Google Scholar
  14. 14.
    Kuzuno, H., Tonami, S.: Signature generation for sensitive information leakage in android applications. In: 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW), pp. 112–119 (2013)Google Scholar
  15. 15.
    Wei, T.E., Jeng, A.B., Lee, H.M., Chen, C.H., Tien, C.W.: Android privacy. In: 2012 IEEE International Conference onIn Machine Learning and Cybernetics (ICMLC), vol. 5, pp. 1830–1837 (2012)Google Scholar
  16. 16.
    Wu, L., Du, X., Fu, X.: Security threats to mobile multimedia applications: camera-based attacks on mobile phones. IEEE Commun. Mag. 52(3), 80–87 (2014)CrossRefGoogle Scholar
  17. 17.
    Cannon, T: Android data stealing vulnerability. Available from: http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/ (2010). Accessed 11 April 2014
  18. 18.
    Jiang, X.: Android 2.3 (Gingerbread) data stealing vulnerability. Available from: http://www.csc.ncsu.edu/faculty/jiang/nexuss.html (2011). Accessed 11 April 2014

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Shancang Li
    • 1
    Email author
  • Junhua Chen
    • 2
  • Theodoros Spyridopoulos
    • 2
  • Panagiotis Andriotis
    • 2
  • Robert Ludwiniak
    • 1
  • Gordon Russell
    • 1
  1. 1.School of ComputingEdinburgh Napier UniversityEdinburghUK
  2. 2.Cryptography GroupUniversity of BristolBristolUK

Personalised recommendations