DroidJust: Automated functionality-aware privacy leakage analysis for android applications

Xin Chen, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

26 Scopus citations

Abstract

Android applications (apps for short) can send out users' sensitive information against users' intention. Based on the stats from Genome and Mobile-Sandboxing, 55.8% and 59.7% Android malware families feature privacy leakage. Prior approaches to detecting privacy leakage on smartphones primarily focused on the discovery of sensitive information flows. However, Android apps also send out users' sensitive information for legitimate functions. Due to the fuzzy nature of the privacy leakage detection problem, we formulate it as a justification problem, which aims to justify if a sensitive information transmission in an app serves any purpose, either for intended functions of the app itself or for other related functions. This formulation makes the problem more distinct and objective, and therefore more feasible to solve than before. We propose DroidJust, an automated approach to justifying an app's sensitive information transmission by bridging the gap between the sensitive information transmission and application functions. We also implement a prototype of DroidJust and evaluate it with over 6000 Google Play apps and over 300 known malware collected from VirusTotal. Our experiments show that our tool can effectively and efficiently analyze Android apps w.r.t their sensitive information flows and functionalities, and can greatly assist in detecting privacy leakage.

Original languageEnglish (US)
Title of host publicationProceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450336239
DOIs
StatePublished - Jun 22 2015
Event8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015 - New York, United States
Duration: Jun 22 2015Jun 26 2015

Publication series

NameProceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

Other

Other8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
CountryUnited States
CityNew York
Period6/22/156/26/15

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'DroidJust: Automated functionality-aware privacy leakage analysis for android applications'. Together they form a unique fingerprint.

  • Cite this

    Chen, X., & Zhu, S. (2015). DroidJust: Automated functionality-aware privacy leakage analysis for android applications. In Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015 [a5] (Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015). Association for Computing Machinery, Inc. https://doi.org/10.1145/2766498.2766507