DOI: 10.1145/3412841.3442102
poster

App2SecApp: privacy protection from Android applications

Published: 22 April 2021

Abstract

In this paper, we develop a wrapper that is capable of detecting the flow of sensitive data outside the application's sandbox. The wrapper acts as an extension to the apps. An Android app has no single entry point; therefore, it is challenging to analyze the flow of information through static analysis alone. Our approach detects possible leaks through safe real-time monitoring of the application, with the advantage that it requires neither access to the app's code nor an APK analysis. We transform the app by placing a wrapper around it, called App2SecApp, to ensure safe execution monitoring in terms of: (1) behavioral invariance of the app, and (2) monitoring of sensitive API calls and prompting the user if there is a possible leakage from the app's sandbox through any of the API calls. Using such a structure, the transformed app will protect privacy under the notions of consent to use by the user and use only for the purpose for which the information is given. Our performance evaluation on a number of apps shows that our solution requires only 0.11% modification to the original apps. Our user-experience evaluation through a survey shows that none of the participants felt any interference from the UI and that they were pleased with the assurance of the app's security.



    Published In

    SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing
    March 2021
    2075 pages
    ISBN:9781450381048
    DOI:10.1145/3412841
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Android security
    2. information-flow security
    3. malicious apps

    Qualifiers

    • Poster

    Conference

    SAC '21
    SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing
    March 22 - 26, 2021
    Virtual Event, Republic of Korea

    Acceptance Rates

    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
