Sweetdroid: Toward a context-sensitive privacy policy enforcement framework for android os

Xin Chen, Heqing Huang, Sencun Zhu, Qing Li, Quanlong Guan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Android privacy control is an important but difficult problem to solve. Previously, there was much research effort either focusing on extending the Android permission model with better policies or modifying the Android framework for fine-grained access control. In this work, we take an integral approach by designing and implementing SweetDroid, a calling-context-sensitive privacy policy enforcement framework. SweetDroid combines automated policy generation with automated policy enforcement. The automatically generated policies in SweetDroid are based on the calling contexts of privacy sensitive APIs; hence, SweetDroid is able to tell whether a particular API (e.g., getLastKnownLocation) under a certain execution path is leaking private information. The policy enforcement in SweetDroid is also fine-grained – it is at the individual API level, not at the permission level. We implement and evaluate the system based on thousands of Android apps, including those from a third-party market and malicious apps from VirusTotal. Our experiment results show that SweetDroid can successfully distinguish and enforce different privacy policies based on calling contexts, and the current design is both developer hassle-free and user transparent. SweetDroid is also efficient because it only introduces small storage and computational overhead.

Original languageEnglish (US)
Title of host publicationWPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017
PublisherAssociation for Computing Machinery, Inc
Pages75-86
Number of pages12
ISBN (Electronic)9781450351751
StatePublished - Oct 30 2017
Event16th ACM Workshop on Privacy in the Electronic Society, WPES 2017 - Dallas, United States
Duration: Oct 30 2017 → …

Publication series

NameWPES 2017 - Proceedings of the 2017 Workshop on Privacy in the Electronic Society, co-located with CCS 2017
Volume2017-January

Other

Other16th ACM Workshop on Privacy in the Electronic Society, WPES 2017
Country/TerritoryUnited States
CityDallas
Period10/30/17 → …

All Science Journal Classification (ASJC) codes

  • Social Sciences (miscellaneous)
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Sweetdroid: Toward a context-sensitive privacy policy enforcement framework for android os'. Together they form a unique fingerprint.

Cite this