
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices: Latest Articles

Understanding the Service Life Cycle of Android Apps: An Exploratory Study
Kobra Khanmohammadi, M. Rejali, A. Hamou-Lhadj
The fast growing use of the Android platform has been accompanied with an increase of malwares in Android applications. A popular way in distributing malwares in the mobile world is through repackaging legitimate apps, embedding malicious code in them, and publishing them in app stores. Therefore, examining the similarity between the behavior of malicious and normal apps can help detect malwares due to repacking. Malicious apps operate by keeping their operations invisible to the user. They also run long enough to perform their malicious tasks. One way to detect malicious apps is to examine their service life cycle. In this paper, we examine the service life cycle of apps. We extract various features of app services. We use these features to classify over 250 normal and malicious apps. Our findings show that malicious apps tend to use services to do their malicious operation and have no communication with the other components of the app, whereas the services in normal apps are usually bound to other components and send messages to notify users about the operations they perform. The results of this exploratory study can be used in the future to design techniques for detecting malicious apps using the classification of their service features.
DOI: https://doi.org/10.1145/2808117.2808123 | Published: 2015-10-12
Citations: 5
AutoPPG: Towards Automatic Generation of Privacy Policy for Android Applications
Le Yu, Zhang Tao, Xiapu Luo, Lei Xue
A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. However, writing privacy policy is tedious and error-prone, because the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel system named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to characterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates correct and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.
DOI: https://doi.org/10.1145/2808117.2808125 | Published: 2015-10-12
Citations: 53
Supporting Privacy-Conscious App Update Decisions with User Reviews
Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, P. Tague, L. Cranor
Smartphone app updates are critical to user security and privacy. New versions may fix important security bugs, which is why users should usually update their apps. However, occasionally apps turn malicious or radically change features in a way users dislike. Users should not necessarily always update in those circumstances, but current update processes are largely automatic. Therefore, it is important to understand user behaviors around updating apps and help them to make security-conscious choices. We conducted two related studies in this area. First, to understand users' current update decisions, we conducted an online survey of user attitudes toward updates. Based on the survey results, we then designed a notification scheme integrating user reviews, which we tested in a field study. Participants installed an Android app that simulated update notifications, enabling us to collect users' update decisions and reactions. We compared the effectiveness of our review-based update notifications with the permission-based notifications. Compared to notifications with permission descriptions only, we found our review-based update notification was more effective at alerting users of invasive or malicious app updates, especially for less trustworthy apps.
DOI: https://doi.org/10.1145/2808117.2808124 | Published: 2015-10-12
Citations: 32
Session details: Privacy
M. Contois
DOI: https://doi.org/10.1145/3247577 | Published: 2015-10-12
Citations: 0
The Impact of Timing on the Salience of Smartphone App Privacy Notices
Rebecca Balebako, F. Schaub, Idris Adjerid, A. Acquisti, L. Cranor
In a series of experiments, we examined how the timing impacts the salience of smartphone app privacy notices. In a web survey and a field experiment, we isolated different timing conditions for displaying privacy notices: in the app store, when an app is started, during app use, and after app use. Participants installed and played a history quiz app, either virtually or on their phone. After a distraction or delay they were asked to recall the privacy notice's content. Recall was used as a proxy for the attention paid to and salience of the notice. Showing the notice during app use significantly increased recall rates over showing it in the app store. In a follow-up web survey, we tested alternative app store notices, which improved recall but did not perform as well as notices shown during app use. The results suggest that even if a notice contains information users care about, it is unlikely to be recalled if only shown in the app store.
DOI: https://doi.org/10.1145/2808117.2808119 | Published: 2015-10-12
Citations: 64
NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android
Antonio Bianchi, Y. Fratantonio, Christopher Krügel, G. Vigna
Malware poses a serious threat to the Android ecosystem. Moreover, even benign applications can sometimes constitute security and privacy risks to their users, as they might contain vulnerabilities, or they might perform unwanted actions. Previous research has shown that the current Android security model is not sufficient to protect against these threats, and several solutions have been proposed to enable the specification and enforcing of finer-grained security policies. Unfortunately, many existing solutions suffer from several limitations: they require modifications to the Android framework, root access to the device, to create a modified version of an existing app that cannot be installed without enabling unsafe options, or they cannot completely sandbox native code components. In this work, we propose a novel approach that aims to sandbox arbitrary Android applications. Our solution, called NJAS, works by executing an Android application within the context of another one, and it achieves sandboxing by means of system call interposition. In this paper, we show that our solution overcomes major limitations that affect existing solutions. In fact, it does not require any modification to the framework, does not require root access to the device, and does not require the user to enable unsafe options. Moreover, the core sandboxing mechanism cannot be evaded by using native code components.
DOI: https://doi.org/10.1145/2808117.2808122 | Published: 2015-10-12
Citations: 44
Context-Specific Access Control: Conforming Permissions With User Expectations
Amir Rahmati, H. Madhyastha
Current mobile platforms take an all-or-nothing approach to assigning permissions to applications. Once a user grants an application permission to access a particular resource, the application can use that permission whenever it executes thereafter. This enables an application to access privacy sensitive resources even when they are not needed for it to perform its expected functions. In this paper, we introduce "Context-Specific Access Control" (CSAC) as a design approach towards enforcing the principle of least privilege. CSAC's goal is to enable a user to ensure that, at any point in time, an application has access to those resources which she expects are needed by the application component with which she is currently interacting. We study 100 popular applications from Google Play store and find that existing applications are amenable to CSAC as most applications' use of privacy sensitive resources is limited to a small number of contexts. Furthermore, via dynamic analysis of the 100 applications and a small-scale user study, we find that CSAC does not prohibitively increase the number of access control decisions that users need to make.
DOI: https://doi.org/10.1145/2808117.2808121 | Published: 2015-10-12
Citations: 13
The Past, Present and Future of Digital Privacy
A. Manea
Communication technologies have evolved immensely over the past 20 years, with the Internet removing physical borders and mobility keeping us always connected. But privacy technologies, standards and legislation have struggled to keep up. This talk will look at the evolution of online privacy through the lens of users, government and private industry. We will examine where we are today, how we got here, and most importantly how we move forward in a way that protects consumer privacy without stifling innovation. Last but not least, we will discuss the viability and importance of public/private partnerships in solving issues related to online privacy.
DOI: https://doi.org/10.1145/2808117.2808127 | Published: 2015-10-12
Citations: 0
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices
D. Lie, Glenn Wurster
It is our great pleasure to welcome you to the 5th annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2015). The workshop was created to organize and foster discussion of security in the emerging area of smartphone and mobile device computing. As organizers of top security venues, we've observed a consistently large number of submissions describing novel approaches to solving the challenges of this area. We wanted to provide a dedicated venue to discuss these challenges and promising approaches for future research directions. The call for papers attracted submissions from Canada, China, Germany, Hong Kong, India, Israel, Mexico, Switzerland, United Arab Emirates, United Kingdom, and the United States. The program committee reviewed and accepted 9 of 25 submitted papers. We are also honored to have a keynote speech by Alex Manea, Director, BlackBerry Security on The Past, Present and Future of Digital Privacy. We hope that you will find this program interesting and thought-provoking and that the workshop will provide you with a valuable opportunity to share ideas with other researchers and practitioners from institutions around the world.
DOI: https://doi.org/10.1145/2808117 | Published: 2015-10-12
Citations: 0
PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices
Yihang Song, U. Hengartner
More and more people rely on mobile devices to access the Internet, which also increases the amount of private information that can be gathered from people's devices. Although today's smartphone operating systems are trying to provide a secure environment, they fail to provide users with adequate control over and visibility into how third-party applications use their private data. Whereas there are a few tools that alert users when applications leak private information, these tools are often hard to use by the average user or have other problems. To address these problems, we present PrivacyGuard, an open-source VPN-based platform for intercepting the network traffic of applications. PrivacyGuard requires neither root permissions nor any knowledge about VPN technology from its users. PrivacyGuard does not significantly increase the trusted computing base since PrivacyGuard runs in its entirety on the local device and traffic is not routed through a remote VPN server. We implement PrivacyGuard on the Android platform by taking advantage of the VPNService class provided by the Android SDK. PrivacyGuard is configurable, extensible, and useful for many different purposes. We investigate its use for detecting the leakage of multiple types of sensitive data, such as a phone's IMEI number or location data. PrivacyGuard also supports modifying the leaked information and replacing it with crafted data for privacy protection. According to our experiments, PrivacyGuard can detect more leakage incidents by applications and advertisement libraries than TaintDroid. We also demonstrate that PrivacyGuard has reasonable overhead on network performance and almost no overhead on battery consumption.
DOI: https://doi.org/10.1145/2808117.2808120
Published: 2015-10-12
Citations: 96