Abstract
The mobile device market is booming. This gains among others from the growing of application markets for those devices. In Android the applications (apps) are controlled by permissions of what they are allowed to do. The problem here is that many users do not pay attention to these permissions because they are rather complex and the user is informed about them only shortly before installing an app. In this paper we present APEFS, an infrastructure that enables a user to filter apps by permissions before trying to install them. Thereby it simplifies the usage of the permission system by allowing users to think about security and privacy before even searching for an app. We also enhance APEFS to not only filter by permissions but also by possible information flows, using static information flow analysis combined with runtime assertions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: principles, techniques, and tools. Pearson/Addison Wesley (2007)
Android-Apps on Google Play, https://play.google.com/store/apps
Android Developer’s Guide – Security and Permissions, http://developer.android.com/guide/topics/security/security.html
Androlyzer – Know more about your apps, http://www.androlyzer.com
Barrera, D., Kayacik, H.G., van Oorshot, P.C., Somayaji, A.: A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android. In: Proceedings of the ACM Conference on Computer and Communications Security (2010)
Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: MockDroid: Trading Privacy for Application Functionality on Smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile (2011)
Chaudhuri, A.: Language-Based Security on Android. In: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, PLAS (2009)
Enck, W.: Defending Users against Smartphone Apps: Techniques and Future Directions. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 49–70. Springer, Heidelberg (2011)
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In: Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI (2010)
Enck, W., Ongtang, M., McDaniel, P.: On Lightweight Mobile Phone Application Certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS (2009)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android Permissions Demystified. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2011)
Fuchs, A.P., Chaudhuri, A., Foster, J.S.: ScanDroid: Automated Security Certification of Android Applications, http://www.cs.umd.edu/~avik/projects/scandroidascaa/paper.pdf (accessed March 14, 2012)
Gartner, Inc.: Gartner Says Worldwide Smartphone Sales Soared in Fourth Quarter of 2011 With 47 Percent Growth, http://www.gartner.com/it/page.jsp?id=1924314
Genaim, S., Spoto, F.: Information Flow Analysis for Java Bytecode. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 346–362. Springer, Heidelberg (2005)
Google+ Post by Andy Rubin, https://plus.google.com/u/0/112599748506977857728/posts/Btey7rJBaLF
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These Aren’t the Droids You’re Looking For: Retrofitting Android to Protect Data from Imperious Applications. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2011)
Octeau, D., Enck, W., McDaniel, P.: The ded Decompiler. Tech. Rep. NAS-TR-0140-2010, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA (2010)
Smith, G.: Principles of secure information flow analysis. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds.) Malware Detection, pp. 291–307. Springer, Heidelberg (2007)
Teufl, P., Kraxberger, S., Orthacker, C., Lackner, G., Gissing, M., Marsalek, A., Leibetseder, J., Prevenhueber, O.: Android Market Analysis with Activation Patterns. In: Prasad, R., Farkas, K., Schmidt, A.U., Lioy, A., Russello, G., Luccio, F.L. (eds.) MobiSec 2011. LNICST, vol. 94, pp. 1–12. Springer, Heidelberg (2012)
Valle-Rai, R., Hendren, L., Sundaresan, V., Lam, P., Gagnon, E., Co, P.: Soot – a Java optimization framework. In: Proceedings of CASCON 1999 (1999)
Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming Information-Stealing Smartphone Applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Meurer, S., Wismüller, R. (2012). APEFS: An Infrastructure for Permission-Based Filtering of Android Apps. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-33392-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33391-0
Online ISBN: 978-3-642-33392-7
eBook Packages: Computer ScienceComputer Science (R0)