Detecting personally identifiable information transmission in android applications using light-weight static analysis

Cited by: 4
Authors
Wongwiwatchai, Nattanon [1]
Pongkham, Phannawhat [1]
Sripanidkulchai, Kunwadee [1]
Affiliations
[1] Chulalongkorn Univ, Dept Comp Engn, 254 Phyathai Rd, Bangkok, Thailand
Keywords
Data analytics; Machine learning; Privacy; Personally identifiable information (PII); Mobile applications; MOBILE DEVICES;
DOI
10.1016/j.cose.2020.102011
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The convenience of mobile devices has driven significant growth in the volume of personal information users store on their devices as well as everyday mobile application usage. However, users are becoming increasingly aware of the access these applications have to their personal information and the risk that applications may transmit Personally Identifiable Information (PII) to external servers, sometimes without users' knowledge. There is no easy way to know whether or not an application transmits PII. If this information could be made available to users as early as when they are browsing application markets looking for new applications to install on their devices, they can weigh the pros and cons to make an informed decision on the associated risk of their private information potentially being exposed. Previously, detection of PII transmission has been tackled using heavy-weight techniques such as static code analysis and dynamic behavior analysis requiring from several minutes to hours of testing and analysis per application. In contrast, we propose using light-weight methods to extract features that we then use to develop a classification model to detect PII transmission in under a minute with performance that rivals the heavy-weight techniques. We evaluate our model using an extensive set of more than 8700 top-ranked Android applications. Our approach is precise and fast, making it suitable for real-time detection and analysis of PII transmission in mobile applications. (C) 2020 Elsevier Ltd. All rights reserved.
Pages: 14