TY - GEN
T1 - DroidJust
T2 - 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
AU - Chen, Xin
AU - Zhu, Sencun
N1 - Publisher Copyright:
Copyright 2015 ACM.
PY - 2015/6/22
Y1 - 2015/6/22
AB - Android applications (apps for short) can send out users' sensitive information against users' intention. Based on the stats from Genome and Mobile-Sandboxing, 55.8% and 59.7% of Android malware families feature privacy leakage. Prior approaches to detecting privacy leakage on smartphones primarily focused on the discovery of sensitive information flows. However, Android apps also send out users' sensitive information for legitimate functions. Due to the fuzzy nature of the privacy leakage detection problem, we formulate it as a justification problem, which aims to justify if a sensitive information transmission in an app serves any purpose, either for intended functions of the app itself or for other related functions. This formulation makes the problem more distinct and objective, and therefore more feasible to solve than before. We propose DroidJust, an automated approach to justifying an app's sensitive information transmission by bridging the gap between the sensitive information transmission and application functions. We also implement a prototype of DroidJust and evaluate it with over 6000 Google Play apps and over 300 known malware collected from VirusTotal. Our experiments show that our tool can effectively and efficiently analyze Android apps w.r.t. their sensitive information flows and functionalities, and can greatly assist in detecting privacy leakage.
UR - http://www.scopus.com/inward/record.url?scp=84962026654&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962026654&partnerID=8YFLogxK
U2 - 10.1145/2766498.2766507
DO - 10.1145/2766498.2766507
M3 - Conference contribution
AN - SCOPUS:84962026654
T3 - Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
BT - Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
PB - Association for Computing Machinery, Inc
Y2 - 22 June 2015 through 26 June 2015
ER -