Abstract
In these years, the use of smartphones is spreading. Android is the most major smartphone OS in the world, and there are a lot of third-party application stores for Android. Such third-party stores make it easy to install third-party applications. However, these applications may access and obtain privacy information, in addition to their major functions. There is a survey showing that most users do not take good care of the settings about how their privacy information is handled by applications. Thus, privacy information abuse by authorized application is becoming a serious problem. In this paper, we propose a method to detect applications that access privacy information unrelated to their functionalities by analyzing API call logs, which can reveal the activities of the application. In order to record API call logs, we modified the Android source code, and run the rebuilt system on an emulator. We analyzed applications’ API call logs with a statistical method, based on the frequency of privacy information accessing and network activities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
https://developer.android.com/about/dashboards/index.html (at March 2018).
- 3.
- 4.
- 5.
- 6.
- 7.
References
International Data Corporation. Smartphone OS marcket share. https://www.idc.com/promo/smartphone-market-share/os
Information technology Promotion Agency. A survey of awareness of the threat of information security in 2016. http://www.ipa.go.jp/files/000056568.pdf. (in Japanese)
Kim, J., Yoon, Y., Yi, K., Shin, J.: Scandal: static analyzer for detecting privacy leaks in android applications. In: Mobile Security Technologies, vol. 12 (2012)
Hosoya, R., Tsunoda, Y., Mori, T., Saito, T.: Measurement study of the privacy information collected by mobile apps. In: Computer Security Symposium, pp. 553–560, September 2017. (in Japanese)
Mann, C., Starostin, A.: A framework for static detection of privacy leaks in android applications. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing, pp. 1457–1462 (2012)
Han, C., Matsumoto, S., Kawamoto, J., Sakurai, K.: Classified by the API call record and personal information leakage detection of android malware. Inf. Process. Soc. Jpn. 3A–4, 1–8 (2016). (in Japanese)
Hatada, M., Mori, T.: Detecting android PUAs and classifying its variants with analysis of DNS queries. In: Computer Security Symposium, pp. 1068–1075, September 2017. (in Japanese)
Do, Q., Martini, B., Choo, K.-K.R.: Enhancing user privacy on android mobile devices via permissions removal. In: 2014 47th Hawaii International Conference on System Sciences (HICSS), pp. 5070–5079 (2014)
Gibler, C., Crussell, J., Erickson, J., Chen, H.: Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale. In: International Conference on Trust and Trustworthy Computing, pp. 291–307 (2012)
Zhang, M., Yin, H.: Efficient, context-aware privacy leakage confinement for android applications without firmware modding. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 259–270 (2014)
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: International Conference on Information Security, pp. 346–360 (2010)
Chen, Y., Khandaker, M., Wang, Z.: Pinpointing vulnerabilities. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 334–345 (2017)
Chen, Y., Zhang, Y., Wang, Z., Xia, L., Bao, C., Wei, T.: Adaptive android kernel live patching. In: Proceedings of the 26th USENIX Security Symposium (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Ito, K., Hasegawa, H., Yamaguchi, Y., Shimada, H. (2018). Detecting Privacy Information Abuse by Android Apps from API Call Logs. In: Inomata, A., Yasuda, K. (eds) Advances in Information and Computer Security. IWSEC 2018. Lecture Notes in Computer Science(), vol 11049. Springer, Cham. https://doi.org/10.1007/978-3-319-97916-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-97916-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-97915-1
Online ISBN: 978-3-319-97916-8
eBook Packages: Computer ScienceComputer Science (R0)