There has been growth in the development of mobile device market. In particular, many mobile devices' applications are 'free', but depend on advertisement modules for their revenue. An advertisement module can collect a user's sensitive information and transmit it across the network. Such behaviour becomes an invasion of privacy. We analysed 1,188 Android applications' traffic and permissions, 93% connected to multiple network destinations, and 55% required both access to sensitive information and the networking permissions. Of the 107,859 HTTP packets from these applications, 22% contained sensitive information. In an effort to enable users to control the transmission of their private information, we propose a system which, using a novel clustering method based on the HTTP destination and content distances, generates signatures from the clustering result and uses them to detect sensitive information leakage from applications. Our system detected 97% of the sensitive information leakage, with only 3% false positive results.
