TY - GEN
T1 - Sweetdroid
T2 - 16th ACM Workshop on Privacy in the Electronic Society, WPES 2017
AU - Chen, Xin
AU - Huang, Heqing
AU - Zhu, Sencun
AU - Li, Qing
AU - Guan, Quanlong
N1 - Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/10/30
Y1 - 2017/10/30
N2 - Android privacy control is an important but difficult problem to solve. Previously, there was much research effort either focusing on extending the Android permission model with better policies or modifying the Android framework for fine-grained access control. In this work, we take an integral approach by designing and implementing SweetDroid, a calling-context-sensitive privacy policy enforcement framework. SweetDroid combines automated policy generation with automated policy enforcement. The automatically generated policies in SweetDroid are based on the calling contexts of privacy sensitive APIs; hence, SweetDroid is able to tell whether a particular API (e.g., getLastKnownLocation) under a certain execution path is leaking private information. The policy enforcement in SweetDroid is also fine-grained – it is at the individual API level, not at the permission level. We implement and evaluate the system based on thousands of Android apps, including those from a third-party market and malicious apps from VirusTotal. Our experiment results show that SweetDroid can successfully distinguish and enforce different privacy policies based on calling contexts, and the current design is both developer hassle-free and user transparent. SweetDroid is also efficient because it only introduces small storage and computational overhead.
AB - Android privacy control is an important but difficult problem to solve. Previously, there was much research effort either focusing on extending the Android permission model with better policies or modifying the Android framework for fine-grained access control. In this work, we take an integral approach by designing and implementing SweetDroid, a calling-context-sensitive privacy policy enforcement framework. SweetDroid combines automated policy generation with automated policy enforcement. The automatically generated policies in SweetDroid are based on the calling contexts of privacy sensitive APIs; hence, SweetDroid is able to tell whether a particular API (e.g., getLastKnownLocation) under a certain execution path is leaking private information. The policy enforcement in SweetDroid is also fine-grained – it is at the individual API level, not at the permission level. We implement and evaluate the system based on thousands of Android apps, including those from a third-party market and malicious apps from VirusTotal. Our experiment results show that SweetDroid can successfully distinguish and enforce different privacy policies based on calling contexts, and the current design is both developer hassle-free and user transparent. SweetDroid is also efficient because it only introduces small storage and computational overhead.
UR - http://www.scopus.com/inward/record.url?scp=85043395045&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85043395045&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85043395045
T3 - WPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017
SP - 75
EP - 86
BT - WPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017
PB - Association for Computing Machinery, Inc
Y2 - 30 October 2017
ER -