Skip to main content
SpringerLink
Log in
Book cover

International Conference on Applied Cryptography and Network Security

ACNS 2020: Applied Cryptography and Network Security Workshops pp 490–507Cite as

MobHide: App-Level Runtime Data Anonymization on Mobile

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12418))

Abstract

Developers of mobile apps gather a lot of user’s personal information at runtime by exploiting third-party analytics libraries, without keeping the owner (i.e., the user) of such information in the loop. We argue that this is somehow paradoxical. To overcome this limitation, in this paper, we discuss a methodology (i.e., MobHide), allowing the user to choose a different privacy level for each app installed on her device. According to the user’s preferences, MobHide anonymizes the data collected by the analytics libraries before sending them to the app developers, through a fruitful combination of data anonymization techniques. More in detail, the methodology enables to i) analyze all the network traffic generated by the invocation of analytics libraries, ii) anonymize the personal and device data using a generalization technique, and the events related to the user’s behavior by exploiting local differential privacy, and iii) send the anonymized data to the developers.

We empirically assessed the viability of the approach on Android, by implementing the methodology as an Android app, i.e., HideDroid, that relies on the VPN service provided by Google to intercept all network requests. Our preliminary experiments - carried out on a real app (i.e., Duolingo) - are promising, and suggest that runtime data anonymization on mobile is feasible nowadays, as it negligibly impacts the app performance.

This work was partially funded by the Horizon 2020 project “Strategic Programs for Advanced Research and Technology in Europe” (SPARTA).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/.

  2. 2.

    https://developers.facebook.com/docs/graph-api/reference/application/activities/.

  3. 3.

    https://firebase.google.com/docs/analytics/get-started.

  4. 4.

    https://firebase.google.com/docs/analytics/get-started.

  5. 5.

    https://developers.facebook.com/docs/graph-api/reference/application/activities/.

  6. 6.

    https://developer.yahoo.com/flurry/docs/.

  7. 7.

    https://developer.android.com/reference/android/net/VpnService.

  8. 8.

    https://docs.couchbase.com/couchbase-lite/current/java-android.html.

  9. 9.

    https://github.com/iBotPeaches/Apktool.

  10. 10.

    https://developer.android.com/training/articles/security-config.

  11. 11.

    https://play.google.com/store/apps/details?id=com.duolingo&hl=en.

References

  1. Android 7.0 news. https://developer.android.com/about/versions/nougat/android-7.0#network_security_config. Accessed 27 May 2020

  2. Droidplugin. https://github.com/DroidPluginTeam/DroidPlugin. Accessed 27 May 2020

  3. Exodus privacy. https://reports.exodus-privacy.eu.org/en/trackers/stats/. Accessed 27 May 2020

  4. Firebase log event. https://firebase.google.com/docs/reference/android/com/google/firebase/analytics/FirebaseAnalytics.Event. Accessed 27 May 2020

  5. Transparent proxy TLS. https://docs.mitmproxy.org/stable/concepts-modes/. Accessed 27 May 2020

  6. VirtualApp. https://github.com/asLody/VirtualApp. Accessed 27 May 2020

  7. Aonzo, S., Georgiu, G.C., Verderame, L., Merlo, A.: Obfuscapk: an open-source black-box obfuscation tool for android apps. SoftwareX 11, 100403 (2020). https://doi.org/10.1016/j.softx.2020.100403, http://www.sciencedirect.com/science/article/pii/S2352711019302791

  8. Armando, A., Costa, G., Merlo, A., Verderame, L.: Enabling BYOD through secure meta-market, pp. 219–230 (2014). https://doi.org/10.1145/2627393.2627410

  9. Armando, A., Merlo, A., Verderame, L.: Trusted host-based card emulation. In: 2015 International Conference on High Performance Computing & Simulation (HPCS), pp. 221–228. IEEE (2015)

    Google Scholar 

  10. Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: MockDroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile 2011. Association for Computing Machinery, New York (2011)

    Google Scholar 

  11. Chen, T., Ullah, I., Kaafar, M.A., Boreli, R.: Information leakage through mobile analytics services. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications (2014)

    Google Scholar 

  12. Cormode, G., Srivastava, D.: Anonymized data: generation, models, usage. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of data (2009)

    Google Scholar 

  13. Dwork, C., Roth, A., et al.: The algorithmic foundations of differential privacy. Found. Trends® Theor. Comput. Sci. 9(3–4), 211–407 (2014)

    MathSciNet  MATH  Google Scholar 

  14. He, Y., Yang, X., Hu, B., Wang, W.: Dynamic privacy leakage analysis of android third-party libraries. J. Inf. Secur. Appl. 46, 259–270 (2019)

    Google Scholar 

  15. Kullback, S.: Information Theory and Statistics. Courier Corporation, North Chelmsford (1997)

    MATH  Google Scholar 

  16. Li, N., Li, T., Venkatasubramanian, S.: t-Closeness: privacy beyond k-anonymity and l-diversity. In: 2007 IEEE 23rd International Conference on Data Engineering. IEEE (2007)

    Google Scholar 

  17. Liu, X., Liu, J., Zhu, S., Wang, W., Zhang, X.: Privacy risk analysis and mitigation of analytics libraries in the android ecosystem. IEEE Trans. Mob. Comput. 19(5), 1184–1199 (2020)

    Article  Google Scholar 

  18. Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data (TKDD) 1(1), 3 (2007)

    Article  Google Scholar 

  19. Razaghpanah, A., et al.: Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem (2018)

    Google Scholar 

  20. Stevens, R., Gibler, C., Crussell, J., Erickson, J., Chen, H.: Investigating user privacy in android ad libraries

    Google Scholar 

  21. Sweeney, L.: Achieving k-anonymity privacy protection using generalization and suppression. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(05), 571–588 (2002)

    Article  MathSciNet  Google Scholar 

  22. Vallina-Rodriguez, N., et al.: Tracking the trackers: towards understanding the mobile advertising and tracking ecosystem. arXiv preprint arXiv:1609.07190 (2016)

  23. Verderame, L., Caputo, D., Romdhana, A., Merlo, A.: On the (un)reliability of privacy policies in android apps. In: Proceedings of the IEEE International Joint Conference on Neural Networks (IJCNN 2020), Glasgow, UK, July 2020

    Google Scholar 

  24. Zhang, H., Hao, Y., Latif, S., Bassily, R., Rountev, A.: A study of event frequency profiling with differential privacy. In: Proceedings of the 29th International Conference on Compiler Construction, CC 2020. Association for Computing Machinery, New York (2020)

    Google Scholar 

  25. Zhang, H., Latif, S., Bassily, R., Rountev, A.: Privaid: Differentially-private event frequency analysis for google analytics in android apps

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. DIBRIS - University of Genova, Via Dodecaneso, 35, 16146, Genova, Italy

    Davide Caputo, Luca Verderame & Alessio Merlo

Authors
  1. Davide Caputo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luca Verderame
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alessio Merlo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alessio Merlo .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. University of Padua, Padua, Italy

    Mauro Conti

  3. Singapore University of Technology and Design, Singapore, Singapore

    Chuadhry Mujeeb Ahmed

  4. The University of Hong Kong, Hong Kong, Hong Kong

    Man Ho Au

  5. ICIS, Radboud University Nijmegen, Nijmegen, The Netherlands

    Lejla Batina

  6. University of California, Irvine, CA, USA

    Zhou Li

  7. University of Science and Technology of China, Hefei, China

    Jingqiang Lin

  8. University of Padua, Padua, Italy

    Eleonora Losiouk

  9. University of Kansas, Lawrence, KS, USA

    Bo Luo

  10. CIISE, Concordia University, Montréal, QC, Canada

    Suryadipta Majumdar

  11. Technical University of Denmark, Lyngby, Denmark

    Weizhi Meng

  12. AppGate Inc., Bogotá, Colombia

    Martín Ochoa

  13. Delft University of Technology, Delft, The Netherlands

    Stjepan Picek

  14. Stevens Institute of Technology, Hoboken, NJ, USA

    Georgios Portokalidis

  15. City University of Hong Kong, Hong Kong, China

    Cong Wang

  16. Chinese University of Hong Kong, Shatin, Hong Kong

    Kehuan Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Caputo, D., Verderame, L., Merlo, A. (2020). MobHide: App-Level Runtime Data Anonymization on Mobile. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2020. Lecture Notes in Computer Science(), vol 12418. Springer, Cham. https://doi.org/10.1007/978-3-030-61638-0_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-61638-0_27

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61637-3

  • Online ISBN: 978-3-030-61638-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation