Repackaging Android Applications for Auditing Access to Private Data

Cited by: 20
Authors
Berthome, P. [1]
Fecherolle, T. [1]
Guilloteau, N. [1]
Lalande, J.-F. [1]
Affiliation
[1] Ensi Bourges, LIFO, F-18000 Bourges, France
Source
2012 SEVENTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES) | 2012
Keywords
android; security; permissions; privacy;
DOI
10.1109/ARES.2012.74
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
One of the most important threats for Android users is the collection of private data by malware put on the market. Most of the proposed approaches that help to guarantee the user's privacy rely on modified versions of the Android operating system. In this paper, we propose to automatically detect when an application accesses private data and to log this access in a third-party application. This detection should be performed without any modification to the operating system. The proposed methodology relies on the repackaging of a compiled application and the injection of a reporter at bytecode level. Thus, such a methodology enables the user to audit suspicious applications that ask for permissions to access private data and to know if such an access has occurred. We show that the proposed methodology can also be implemented as an IPS, in order to prevent such accesses. Experimental results show the efficiency of the methodology on a set of 18 regular applications of the Android market that deal with contacts. Our prototype detected 66% of the accesses to the user's contacts. We also experimented with the detection of privacy violations using 5 known malware that send premium-rate SMS.
Pages: 388 / 396
Number of pages: 9