Skip to main content
SpringerLink
Log in

Detecting Privacy Information Abuse by Android Apps from API Call Logs

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11049))

Included in the following conference series:

Abstract

In these years, the use of smartphones is spreading. Android is the most major smartphone OS in the world, and there are a lot of third-party application stores for Android. Such third-party stores make it easy to install third-party applications. However, these applications may access and obtain privacy information, in addition to their major functions. There is a survey showing that most users do not take good care of the settings about how their privacy information is handled by applications. Thus, privacy information abuse by authorized application is becoming a serious problem. In this paper, we propose a method to detect applications that access privacy information unrelated to their functionalities by analyzing API call logs, which can reveal the activities of the application. In order to record API call logs, we modified the Android source code, and run the rebuilt system on an emulator. We analyzed applications’ API call logs with a statistical method, based on the frequency of privacy information accessing and network activities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.1mobile.com/.

  2. 2.

    https://developer.android.com/about/dashboards/index.html (at March 2018).

  3. 3.

    https://developer.android.com/guide/topics/security/permissions.html.

  4. 4.

    https://developer.android.com/studio/index.html.

  5. 5.

    https://android.googlesource.com/.

  6. 6.

    https://microg.org/.

  7. 7.

    https://apkpure.com/jp/.

References

  1. International Data Corporation. Smartphone OS marcket share. https://www.idc.com/promo/smartphone-market-share/os

  2. Information technology Promotion Agency. A survey of awareness of the threat of information security in 2016. http://www.ipa.go.jp/files/000056568.pdf. (in Japanese)

  3. Kim, J., Yoon, Y., Yi, K., Shin, J.: Scandal: static analyzer for detecting privacy leaks in android applications. In: Mobile Security Technologies, vol. 12 (2012)

    Google Scholar 

  4. Hosoya, R., Tsunoda, Y., Mori, T., Saito, T.: Measurement study of the privacy information collected by mobile apps. In: Computer Security Symposium, pp. 553–560, September 2017. (in Japanese)

    Google Scholar 

  5. Mann, C., Starostin, A.: A framework for static detection of privacy leaks in android applications. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing, pp. 1457–1462 (2012)

    Google Scholar 

  6. Han, C., Matsumoto, S., Kawamoto, J., Sakurai, K.: Classified by the API call record and personal information leakage detection of android malware. Inf. Process. Soc. Jpn. 3A–4, 1–8 (2016). (in Japanese)

    Google Scholar 

  7. Hatada, M., Mori, T.: Detecting android PUAs and classifying its variants with analysis of DNS queries. In: Computer Security Symposium, pp. 1068–1075, September 2017. (in Japanese)

    Google Scholar 

  8. Do, Q., Martini, B., Choo, K.-K.R.: Enhancing user privacy on android mobile devices via permissions removal. In: 2014 47th Hawaii International Conference on System Sciences (HICSS), pp. 5070–5079 (2014)

    Google Scholar 

  9. Gibler, C., Crussell, J., Erickson, J., Chen, H.: Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale. In: International Conference on Trust and Trustworthy Computing, pp. 291–307 (2012)

    Chapter  Google Scholar 

  10. Zhang, M., Yin, H.: Efficient, context-aware privacy leakage confinement for android applications without firmware modding. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 259–270 (2014)

    Google Scholar 

  11. Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: International Conference on Information Security, pp. 346–360 (2010)

    Google Scholar 

  12. Chen, Y., Khandaker, M., Wang, Z.: Pinpointing vulnerabilities. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 334–345 (2017)

    Google Scholar 

  13. Chen, Y., Zhang, Y., Wang, Z., Xia, L., Bao, C., Wei, T.: Adaptive android kernel live patching. In: Proceedings of the 26th USENIX Security Symposium (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graduate School of Informatics, Nagoya University, Nagoya, Japan

    Katsutaka Ito

  2. Information Strategy Office, Nagoya University, Nagoya, Japan

    Hirokazu Hasegawa

  3. Information Technology Center, Nagoya University, Nagoya, Japan

    Yukiko Yamaguchi & Hajime Shimada

Authors
  1. Katsutaka Ito
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hirokazu Hasegawa
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yukiko Yamaguchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hajime Shimada
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Katsutaka Ito .

Editor information

Editors and Affiliations

  1. Tokyo Denki University, Tokyo, Japan

    Atsuo Inomata

  2. Nippon Telegraph and Telephone Corporation, Tokyo, Japan

    Kan Yasuda

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ito, K., Hasegawa, H., Yamaguchi, Y., Shimada, H. (2018). Detecting Privacy Information Abuse by Android Apps from API Call Logs. In: Inomata, A., Yasuda, K. (eds) Advances in Information and Computer Security. IWSEC 2018. Lecture Notes in Computer Science(), vol 11049. Springer, Cham. https://doi.org/10.1007/978-3-319-97916-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-97916-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97915-1

  • Online ISBN: 978-3-319-97916-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation