2020 Volume E103.A Issue 7 Pages 906-916
Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.