Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
7-2013
Abstract
Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for end users to take preventive measures. Hence, users often cannot reconcile the way they have used an application to a reported leak — i.e., they are unable to comprehend the (il)legitimacy of the leak or make a decision on whether to allow the leak. This paper aims to demonstrate the feasibility and benefits of identifying the causes of leaks from a user’s point of view, which we call mobile forensics of privacy leaks. Its goal is to correlate user actions to leaks, and report the causes from a user-oriented perspective. To make the case, we have performed a preliminary study that identifies leak causes based on logs of user actions in more than 220 Android applications and corresponding leak reports from a leak detection tool. Our results show that more than 60% of the 105 applications (of the 220 we sampled) that leak private data do so due to user actions on certain in-application GUI widgets. About 44% also leak data right after users launch them, while 32% leak data periodically after launch. We also constructed a database containing leak causes from all tested apps, and demonstrated the use of visual overlays to warn users about potential leaks.
Discipline
Information Security | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
APSys '13: Proceedings of the 4th Asia-Pacific Workshop on Systems, Singapore, July 29-30, 2013
First Page
1
Last Page
7
ISBN
9781450323161
Identifier
10.1145/2500727.2500733
Publisher
ACM
City or Country
New York
Citation
CHAN, Joseph Joo Keng; TAN, Kiat Wee; JIANG, Lingxiao; and BALAN, Rajesh Krishna.
The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection. (2013). APSys '13: Proceedings of the 4th Asia-Pacific Workshop on Systems, Singapore, July 29-30, 2013. 1-7.
Available at: https://ink.library.smu.edu.sg/sis_research/1837
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://dx.doi.org/10.1145/2500727.2500733