From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps
Authors: 
Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying, Wenrui Diao, Yanan Li, Shanqing Guo, Haixin DuanAuthors Info & Claims
Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying, Wenrui Diao, Yanan Li, Shanqing Guo, Haixin DuanAuthors Info & ClaimsPages 1561 - 1572
Abstract
Private browsing is a common feature of web browsers on desktop platforms. This feature protects the privacy of users browsing the Internet and, therefore, is widely welcomed by users. In recent years, with the popularity of smartphones, the private browsing mode has been introduced into mobile browsers. However, its deployment on mobile platforms has not been well evaluated. To bridge the gap, in this work, we systemically studied the private browsing modes of Android browser apps. Specifically, we proposed six private rules for mobile browsers to follow by combining the mobile browsing features with the previous research on private browsing. Furthermore, we designed an automated analysis framework, BroDroid, to detect whether mobile browsers violate these rules. Also, with BroDroid, we evaluated 49 popular browser apps crawled from Google Play. Finally, BroDroid successfully identified 58 violations, some of which come from the promised capabilities of the browser. We reported our discovered issues to the corresponding developers, and four of them (Yandex Browser, Mint Browser, Web Explorer, and Net Fast Web Browser) have acknowledged our findings. Our observation may be the tip of the iceberg, and more efforts should be put into improving the privacy protections of mobile browsers.
Supplemental Material
MP4 File
presentation video
- Download
- 1194.26 MB
MP4 File
Supplemental video
- Download
- 14.33 MB
References
[1]
2023. Androguard. Retrieved October 5, 2023 from https://github.com/androgu ard/androguard
[2]
2023. Appium. Retrieved October 5, 2023 from https://appium.io/
[3]
2023. browser-market-share. Retrieved January 28, 2024 from https://gs.statcounter.com/browser-market-share/mobile/worldwide
[4]
2023. ChromeCacheView. Retrieved October 5, 2023 from http://www.nirsoft.net/utils/chrome_cache_view.html
[5]
2023. Chromium-projects. Retrieved October 5, 2023 from https://www.chromium.org/chromium-projects
[6]
2023. Flag-secure. Retrieved October 5, 2023 from https://developer.android.com/reference/android/view/WindowManager.LayoutParams#FLAG_SECURE
[7]
2023. Lsposed. Retrieved October 5, 2023 from https://source.android.com/docs/security/app-sandbox
[8]
2023. Lsposed. Retrieved October 5, 2023 from https://github.com/LSPosed/LSPosed
[9]
2023. Permission. Retrieved October 5, 2023 from https://developer.android.com/guide/topics/permissions/overview
[10]
2023. Tcpdump. Retrieved October 5, 2023 from https://www.tcpdump.org/
[11]
2023. Tshark. Retrieved October 5, 2023 from https://www.wireshark.org/docs/man-pages/tshark.html
[12]
Ruba Abu-Salma and Benjamin Livshits. 2020. Evaluating the End-User Experience of Private Browsing Mode. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI), Honolulu, HI, USA, April 25--30, 2020.
[13]
Gaurav Aggarwal, Elie Bursztein, Collin Jackson, and Dan Boneh. 2010. An Analysis of Private Browsing Modes in Modern Browsers. In Proceedings of the 19th USENIX Security Symposium (USENIX-Sec), Washington, DC, USA, August 11--13, 2010.
[14]
Muhammad Raheel Arshad, Mehdi Hussain, Hasan Tahir, Sana Qadir, Faraz Iqbal Ahmed Memon, and Yousra Javed. 2021. Forensic Analysis of Tor Browser on Windows 10 and Android 10 Operating Systems. IEEE Access (2021).
[15]
Nedaa Al Barghouthy and Andrew Marrington. 2014. A Comparison of Forensic Acquisition Techniques for Android Devices: A Case Study Investigation of Orweb Browsing Sessions. In Proceedings of the 6th International Conference on New Technologies, Mobility and Security (NTMS), Dubai, United Arab Emirates, March 30 - April 2, 2014.
[16]
Hui Cai, Fan Ye, Yuanyuan Yang, Yanmin Zhu, and Jie Li. 2020. Towards Correlated Queries on Trading of Private Web Browsing History. In Proceedings of the 39th IEEE Conference on Computer Communications (INFOCOM), Toronto, ON, Canada, July 6--9, 2020.
[17]
Francisco Handrick da Costa, Ismael Medeiros, Thales Menezes, João Victor da Silva, Ingrid Lorraine da Silva, Rodrigo Bonifácio, Krishna Narasimhan, and Márcio Ribeiro. 2022. Exploring the use of static and dynamic analysis to improve the performance of the mining sandbox approach for android malware identification. Journal of Systems and Software 183 (2022), 111092.
[18]
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Secondgeneration Onion Router. Technical Report. Naval Research Lab Washington DC.
[19]
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David A.Wagner. 2011. Android Permissions Demystified. In Proceedings of the 18th ACMConference on Computer and Communications Security (CCS), Chicago, Illinois, USA, October 17--21, 2011.
[20]
Xosé Fernández-Fuentes, Tomás F. Pena, and José Carlos Cabaleiro. 2022. Digital forensic analysis methodology for private browsing: Firefox and Chrome on Linux as a case study. Computers and Security 115 (2022), 102626.
[21]
Cassandra Flowers, Ali Mansour, and Haider M. Al-Khateeb. 2016. Web Browser Artefacts in Private and Portable Modes: A Forensic Investigation. International Journal of Electronic Security and Digital Forensics 8, 2 (2016), 99--117.
[22]
Google. 2023. Application Fundamentals. Retrieved October 5, 2023 from https://developer.android.com/guide/components/fundamentals
[23]
Google. 2023. Data-storage. Retrieved October 5, 2023 from https://developer.android.com/training/data-storage
[24]
Google. 2023. Safe-data. Retrieved October 5, 2023 from https://developer.android.com/topic/security/best-practices#safe-data
[25]
Graeme Horsman, Ben Findlay, Josh Edwick, Alisha Asquith, Katherine Swannell, Dean Fisher, Alexander Grieves, Jack Guthrie, Dylan Stobbs, and Peter McKain. 2019. A forensic examination of web browser privacy-modes. Forensic Science International: Reports (2019).
[26]
Kris Hughes, Pavlos Papadopoulos, Nikolaos Pitropakis, Adrian Smales, Jawad Ahmad, and William J. Buchanan. 2021. Browsers' Private Mode: Is It What We Were Promised? Computers 10, 12 (2021), 165.
[27]
Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. 2006. Protecting Browser State from Web Privacy Attacks. In Proceedings of the 15th International Conference on World Wide Web (WWW), Edinburgh, Scotland, UK, May 23--26, 2006.
[28]
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. "My Data Just Goes Everywhere:" User Mental Models of the Internet and Implications for Privacy and Security. In Proceedings of Eleventh Symposium on Usable Privacy and Security (SOUPS), 2015.
[29]
kingroot studio. 2023. KingRoot. Retrieved October 5, 2023 from https://kingro otapp.net/
[30]
Su Mon Kywe, Christopher Landis, Yutong Pei, Justin Satterfield, Yuan Tian, and Patrick Tague. 2014. PrivateDroid: Private Browsing Mode for Android. In Proceedings of the 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Beijing, China, September 24--26, 2014.
[31]
Benjamin S. Lerner, Liam Elberty, Neal Poole, and Shriram Krishnamurthi. 2013. Verifying Web Browser Extensions' Compliance with Private-Browsing Mode. In Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS), Egham, UK, September 9--13, 2013 .
[32]
Donny Jacob Ohana and Narasimha Shashidhar. 2013. Do Private and Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions. In Proceedings of the 2013 IEEE Symposium on Security and Privacy Workshops (IEEE-SPW), San Francisco, CA, USA, May 23--24, 2013.
[33]
Rafael Pires, David Goltzsche, Sonia Ben Mokhtar, Sara Bouchenak, Antoine Boutet, Pascal Felber, Rüdiger Kapitza, Marcelo Pasin, and Valerio Schiavoni. 2018. CYCLOSA: Decentralizing PrivateWeb Search through SGX-Based Browser Extensions. In Proceedings of the 38th IEEE International Conference on Distributed Computing Systems (ICDCS), Vienna, Austria, July 2--6, 2018.
[34]
rovo89. 2023. Xposed. Retrieved October 5, 2023 from https://github.com/rovo8 9/Xposed
[35]
topjohnwu. 2023. Magisk. Retrieved October 5, 2023 from https://github.com/t opjohnwu/Magisk
[36]
Nikolaos Tsalis, Alexios Mylonas, Antonia Nisioti, Dimitris Gritzalis, and Vasilios Katos. 2017. Exploring the protection of private browsing in desktop browsers. Computers and Security 67 (2017), 181--197.
[37]
FrankWang, James Mickens, and Nickolai Zeldovich. 2018. Veil: Private Browsing Semantics Without Browser-side Assistance. In Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 18--21, 2018.
[38]
Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, and Blase Ur. 2018. Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode. In Proceedings of the 2018 International World Wide Web Conference (WWW), Lyon, France, April 23--27, 2018.
[39]
Yuanyi Wu, Dongyu Meng, and Hao Chen. 2017. Evaluating Private Modes in Desktop and Mobile Browsers and Their Resistance to Fingerprinting. In Proceedings of 2017 IEEE Conference on Communications and Network Security (CNS), Las Vegas, NV, USA, October 9--11, 2017.
[40]
Lojin Bani Younis, Safa Sweda, and Ahmad Alzu'bi. 2021. Forensics Analysis of Private Web Browsing Using Android Memory Acquisition. In Proceedings of the 12th International Conference on Information and Communication Systems (ICICS).
[41]
Bin Zhao and Peng Liu. 2015. Private Browsing Mode Not Really That Private: Dealing with Privacy Breach Caused by Browser Extensions. In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Rio de Janeiro, Brazil, June 22--25, 2015.
Index Terms
- From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps
Recommendations
Android: Changing the Mobile Landscape
The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
Inter-app communication between Android apps developed in app-inventor and Android studio
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and SystemsCommunications between mobile apps are an important aspect of mobile platforms. Android is specifically designed with inter-app communication in mind and depends on this to provide different platform specific functionalities. Android Apps can either be ...
Comments
Information & Contributors
Information
Published In
May 2024
4826 pages
ISBN:9798400701719
DOI:10.1145/3589334
- General Chairs:
- Tat-Seng Chua,
- Chong-Wah Ngo,
- Proceedings Chair:
- Roy Ka-Wei Lee,
- Program Chairs:
- Ravi Kumar,
- Hady W. Lauw
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 13 May 2024
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
- Shandong Provincial Natural Science Foundation
- QAX Student Innovation Funding Program for Cybersecurity Schools
- Taishan Young Scholar Program of Shandong Province, China
- Xiaomi Young Talents Program
Conference
WWW '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,899 of 8,196 submissions, 23%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 635Total Downloads
- Downloads (Last 12 months)635
- Downloads (Last 6 weeks)146
Reflects downloads up to 05 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in