A Unified Model for Detecting Privacy Leakage on Android

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10656)

Abstract

Because Android applications may leak users’ private information, Android privacy leakage has raised significant concerns. Various approaches have been proposed to detect privacy leakage, each using different indicators to determine privacy leaks. In this paper, we propose a unified security model to determine privacy leakage. Our unified model includes three typical indicators for detecting privacy leaks: sensitive transmission, user intention, and application behavior. The proposed model formalizes privacy leakage behavior based on information flows and state transitions. We identify three typical frameworks of privacy leakage. By analyzing the security model, we show that it is feasible to use our model to implement the three typical frameworks.

Acknowledgments

This research is supported in part by China MOE Doctoral Research Fund (No. 20134407120017) and Guangdong Nature Science Fund (No. S2012030006242).

Corresponding author

Correspondence to Gansen Zhao.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ren, X., Wang, X., Tang, H., Ma, Z., Wu, J., Zhao, G. (2017). A Unified Model for Detecting Privacy Leakage on Android. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_38

  • DOI: https://doi.org/10.1007/978-3-319-72389-1_38

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72388-4

  • Online ISBN: 978-3-319-72389-1

  • eBook Packages: Computer Science, Computer Science (R0)