AnFlo: Detecting anomalous sensitive information flows in Android apps

Author

Biniam Fisseha DEMISSIE, Fondazione Bruno Kessler
Mariano CECCATO, Fondazione Bruno Kessler
Lwin Khin SHAR, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

5-2018

Abstract

Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled by an app which is vulnerable or malicious. Existing approaches that detect anomalous sensitive data flows have limitations in terms of accuracy because the definition of anomalous flows may differ for different apps with different functionalities; it is normal for “Health” apps to share heart rate information through the Internet but is anomalous for “Travel” apps. In this paper, we propose a novel approach to detect anomalous sensitive data flows in Android apps, with improved accuracy. To achieve this objective, we first group trusted apps according to the topics inferred from their functional descriptions. We then learn sensitive information flows with respect to each group of trusted apps. For a given app under analysis, anomalies are identified by comparing sensitive information flows in the app against those flows learned from trusted apps grouped under the same topic. In the evaluation, information flow is learned from 11,796 trusted apps. We then checked for anomalies in 596 new (benign) apps and identified 2 previously-unknown vulnerable apps related to anomalous flows. We also analyzed 18 malware apps and found anomalies in 6 of them.

Keywords

Android apps, Geolocations, Heart rates, Information flows, Sensitive data, Smartphone apps

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

MOBILESoft '18: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, Gothenburg, Sweden, May 27-28

First Page

24

Last Page

34

ISBN

9781450357128

Identifier

10.1145/3197231.3197238

Publisher

ACM

City or Country

New York

Citation

DEMISSIE, Biniam Fisseha; CECCATO, Mariano; and SHAR, Lwin Khin. AnFlo: Detecting anomalous sensitive information flows in Android apps. (2018). MOBILESoft '18: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, Gothenburg, Sweden, May 27-28. 24-34.
Available at: https://ink.library.smu.edu.sg/sis_research/4775

Copyright Owner and License

Publisher

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3197231.3197238