AndroidLeaks: Automatically Detecting

Potential Privacy Leaks In Android Applications

on a Large Scale

Abstract. As mobile devices become more widespread and powerful, they store more sensitive data, which includes not only usersrsquo; personal information but also the data collected via sensors throughout the day. When mobile applications have access to this growing amount of sensitive information, they may leak it carelessly or maliciously.

Googlersquo;s Android operating system provides a permissions-based security model that restricts an applicationrsquo;s access to the userrsquo;s private data. Each application statically declares the sensitive data and functionality that it requires in a manifest, which is presented to the user upon installation. However, it is not clear to the user how sensitive data is used once the application is installed. To combat this problem, we present AndroidLeaks, a static analysis framework for automatically finding potential leaks of sensitive information in Android applications on a massive scale. AndroidLeaks drastically reduces the number of applications and the number of traces that a security auditor has to verify manually.

We evaluate the efficacy of AndroidLeaks on 24,350 Android applications from several Android markets. AndroidLeaks found 57,299 potential privacy leaks in 7,414 Android applications, out of which we have manually verified that 2,342 applications leak private data including phone information, GPS location, WiFi data, and audio recorded with the microphone. AndroidLeaks examined these applications in 30 hours, which indicates that it is capable of scaling to the increasingly large set of available applications.

Introduction

As smartphones have become more popular, the focus of mobile computing has shifted from laptops to phones and tablets. There are several competing mobile platforms. As of this writing, Android has the highest market share of any

⋆ Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energys National Nuclear Security Administration under contract DE-AC04-94AL85000.

smartphone operating system in the U.S. [8]. Android provides the core smartphone experience, but much of a userrsquo;s productivity depends on third-party applications. To this end, Android has numerous marketplaces where users can download third-party applications. In contrast to the market policy for iOS, in which every application is reviewed before it can be published [15], most Android markets allow developers to post their applications with no review process. This policy has been criticized for its potential vulnerability to malicious applications. Google instead allows the Android Market to self-regulate, with higher-rated applications more likely to show up in search results and reported malicious applications removed.

Android sandboxes each application from the rest of the systemrsquo;s resources in an effort to protect the user [2]. This attempts to ensure that one application cannot tamper with another application or the system as a whole. If an application needs to access a restricted resource, the developer must statically request permission to use that resource by declaring it in the applicationrsquo;s manifest file. When a user attempts to install the application, Android will warn the user that the application requires certain restricted resources (for instance, location data), and that by installing the application, she is granting permission for the application to use the specified resources. If the user declines to authorize these permissions, the application will not be installed.

However, statically requiring permissions does not inform the user how the resource will be used once granted. A maps application, for example, will require access to the Internet in order to download updated map tiles, route information and traffic reports. It will also require access to the phonersquo;s location in order to adjust the displayed map and give real-time directions. The applicationrsquo;s functionality requires sending location data to the maps server, which is expected and acceptable given the purpose of the application. However, if the application is ad-supported it may also leak location data to advertisers for targeted ads, which may compromise a userrsquo;s privacy. Given the only information currently presented to users is a list of required permissions, a user will not be able to tell how the maps application is handling her location information.

To address this issue, we present AndroidLeaks, a static analysis framework designed to identify potential leaks of personal information in Android applications on a large scale. Leveraging WALA [7], a program analysis framework for Java source and byte code, we create a call graph of an applicationrsquo;s code and then perform a reachability analysis to determine if sensitive information may be sent over the network. If there is a potential path, we use dataflow analysis to determine if private data reaches a network sink. Our contributions in this paper are as follows:

• We have created a set of mappings between Android API methods and the permissions they require to execute using static techniques. We use a subset of this mapping as the sources and sinks of private data for our dataflow analysis.
• We present AndroidLeaks, a static analysis framework for finding potential leaks of private information in Android applic

  剩余内容已隐藏，支付完成后下载完整资料

  ---

  原文

  AndroidLeaks: Automatically Detecting

  Potential Privacy Leaks In Android Applications

  on a Large Scale

  Abstract. As mobile devices become more widespread and powerful, they store more sensitive data, which includes not only usersrsquo; personal information but also the data collected via sensors throughout the day. When mobile applications have access to this growing amount of sensitive information, they may leak it carelessly or maliciously.

  Googlersquo;s Android operating system provides a permissions-based security model that restricts an applicationrsquo;s access to the userrsquo;s private data. Each application statically declares the sensitive data and functionality that it requires in a manifest, which is presented to the user upon installation. However, it is not clear to the user how sensitive data is used once the application is installed. To combat this problem, we present AndroidLeaks, a static analysis framework for automatically finding potential leaks of sensitive information in Android applications on a massive scale. AndroidLeaks drastically reduces the number of applications and the number of traces that a security auditor has to verify manually.

  We evaluate the efficacy of AndroidLeaks on 24,350 Android applications from several Android markets. AndroidLeaks found 57,299 potential privacy leaks in 7,414 Android applications, out of which we have manually verified that 2,342 applications leak private data including phone information, GPS location, WiFi data, and audio recorded with the microphone. AndroidLeaks examined these applications in 30 hours, which indicates that it is capable of scaling to the increasingly large set of available applications.

  Introduction

  As smartphones have become more popular, the focus of mobile computing has shifted from laptops to phones and tablets. There are several competing mobile platforms. As of this writing, Android has the highest market share of any

  ⋆ Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energys National Nuclear Security Administration under contract DE-AC04-94AL85000.

  smartphone operating system in the U.S. [8]. Android provides the core smartphone experience, but much of a userrsquo;s productivity depends on third-party applications. To this end, Android has numerous marketplaces where users can download third-party applications. In contrast to the market policy for iOS, in which every application is reviewed before it can be published [15], most Android markets allow developers to post their applications with no review process. This policy has been criticized for its potential vulnerability to malicious applications. Google instead allows the Android Market to self-regulate, with higher-rated applications more likely to show up in search results and reported malicious applications removed.

  Android sandboxes each application from the rest of the systemrsquo;s resources in an effort to protect the user [2]. This attempts to ensure that one application cannot tamper with another application or the system as a whole. If an application needs to access a restricted resource, the developer must statically request permission to use that resource by declaring it in the applicationrsquo;s manifest file. When a user attempts to install the application, Android will warn the user that the application requires certain restricted resources (for instance, location data), and that by installing the application, she is granting permission for the application to use the specified resources. If the user declines to authorize these permissions, the application will not be installed.

  However, statically requiring permissions does not inform the user how the resource will be used once granted. A maps application, for example, will require access to the Internet in order to download updated map tiles, route information and traffic reports. It will also require access to the phonersquo;s location in order to adjust the displayed map and give real-time directions. The applicationrsquo;s functionality requires sending location data to the maps server, which is expected and acceptable given the purpose of the application. However, if the application is ad-supported it may also leak location data to advertisers for targeted ads, which may compromise a userrsquo;s privacy. Given the only information currently presented to users is a list of required permissions, a user will not be able to tell how the maps application is handling her location information.

  To address this issue, we present AndroidLeaks, a static analysis framework designed to identify potential leaks of personal information in Android applications on a large scale. Leveraging WALA [7], a program analysis framework for Java source and byte code, we create a call graph of an applicationrsquo;s code and then perform a reachability analysis to determine if sensitive information may be sent over the network. If there is a potential path, we use dataflow analysis to determine if private data reaches a network sink. Our contributions in this paper are as follows:

  • We have created a set of mappings between Android API methods and the permissions they require to execute using static techniques. We use a subset of this mapping as the sources and sinks of private data for our dataflow analysis.
  • We present AndroidLeaks, a static analysis framework for finding potential leaks of private i

    剩余内容已隐藏，支付完成后下载完整资料

    ---

    资料编号：[259577]，资料为PDF文档或Word文档，PDF文档可免费转换为Word

您可能感兴趣的文章

• 在空中搜救行动手机WiFi检测技术的可行性研究外文翻译资料
• 数据库开发过程外文翻译资料
• 更深入地讲卷积外文翻译资料
• 最先进的远程人脸识别算法评估外文翻译资料
• 算法动画的Unity 3D框架外文翻译资料
• 基于unity游戏引擎的3d建模和可视化-优势和挑战外文翻译资料
• 基于协同过滤和内容预测的改进推荐算法研究外文翻译资料
• 新研制的9Cr2WVTa钢的冷裂敏感性外文翻译资料
• 生成对抗网络图像合成与编辑综述外文翻译资料
• 基于JSP的网上化妆品商店销售系统分析与设计外文翻译资料