Privacy Profiling Impact of Android Mobile Applications

In the past years we have experienced a fast growth in the demand and widespread of mobile devices. The evolution of wireless network technologies has offered mobile devices direct access to Internet and so, now, many applications allow users to interact with their friends on social-networks, send emails, use internet-banking services and more, while on the move. Because of that, and the advance in hardware capabilities, end users are increasingly relying on their personal mobile devices to store and handle sensitive information. In such context the privacy issues are quite concerning, since is likely for vendors to access sensitive data through their custom apps. Although several studies have examined general privacy risks and solutions to monitor, block or shadow personal data, few attempts have been made to build a framework that profiles the privacy impact of Android mobile applications at installation time and afterwards. Hence, in this paper, we propose an Android system extension that can expose to users a series of information about the previous concerns. We start by generating a high-level profile of the application at installation time (short-term) and then gather insights about it by monitoring sensitive data flows during runtime (long-term). The result: users will get the privacy impact knowledge needed in order to make informed decisions on whether or not to install or keep using an Android application.