Comparing Mobile Privacy Protection through Cross-Platform Applications

Author

Jin HAN, Singapore Management University
Qiang YAN, Singapore Management UniversityFollow
Debin GAO, Singapore Management UniversityFollow
Jianying ZHOU
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

2-2013

Abstract

With the rapid growth of the mobile market, security of mobile platforms is receiving increasing attention from both research community as well as the public. In this paper, we make the first attempt to establish a baseline for security comparison between the two most popular mobile platforms. We investigate applications that run on both Android and iOS and examine the difference in the usage of their security sensitive APIs (SS-APIs). Our analysis over 2,600 applications shows that iOS applications consistently access more SS-APIs than their counterparts on Android. The additional privileges gained on iOS are often associated with accessing private resources such as device ID, camera, and users’ contacts. A possible explanation for this difference in SS-API usage is that privileges obtained by an application on the current iOS platform are invisible to end users. Our analysis shows that: 1) third-party libraries (specifically advertising and analytic libraries) on iOS invoke more SS-APIs than those on Android; 2) Android application developers avoid requesting unnecessary privileges which will be shown in the permission list during application installation. Considering the fact that an Android application may gain additional privileges with privilege-escalation attacks and iOS provides a more restricted privilege set accessible by third-party applications, our results do not necessarily imply that Android provides better privacy protection than iOS. However, our evidence suggests that Apple’s application vetting process may not be as effective as Android’s privilege notification mechanism, particularly in protecting sensitive resources from third-party applications.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Proceedings of NDSS 2013: Network and Distributed System Security Symposium, 24-27 February, San Diego

Publisher

Internet Society

City or Country

Reston, VA

Citation

HAN, Jin; YAN, Qiang; GAO, Debin; ZHOU, Jianying; and DENG, Robert H.. Comparing Mobile Privacy Protection through Cross-Platform Applications. (2013). Proceedings of NDSS 2013: Network and Distributed System Security Symposium, 24-27 February, San Diego.
Available at: https://ink.library.smu.edu.sg/sis_research/1698

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://www.internetsociety.org/doc/comparing-mobile-privacy-protection-through-cross-platform-applications