Security-by-contract on the .NET platform
Information Security Tech. Report
Understanding Android Security
IEEE Security and Privacy
Language-based security on Android
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Google Android: A Comprehensive Security Assessment
IEEE Security and Privacy
Proceedings of the 12th ACM international conference on Ubiquitous computing
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
MockDroid: trading privacy for application functionality on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Short paper: a look at smartphone permission models
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Proceedings of the 18th ACM conference on Computer and communications security
Detecting repackaged smartphone applications in third-party android marketplaces
Proceedings of the second ACM conference on Data and Application Security and Privacy
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Unsafe exposure analysis of mobile in-app advertisements
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
MOSES: supporting operation modes on smartphones
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
RiskRanker: scalable and accurate zero-day android malware detection
Proceedings of the 10th international conference on Mobile systems, applications, and services
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
Dr. Android and Mr. Hide: fine-grained permissions in android applications
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Proceedings of the third ACM conference on Data and application security and privacy
MAST: triage for market-scale mobile malware analysis
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
RetroSkeleton: retrofitting android apps
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
SIF: a selective instrumentation framework for mobile applications
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
Bring your own device, securely
Proceedings of the 28th Annual ACM Symposium on Applied Computing
On the effectiveness of API-level access control using bytecode rewriting in Android
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Real-time detection and prevention of android SMS permission abuses
Proceedings of the first international workshop on Security in embedded systems and smartphones
"Little brothers watching you": raising awareness of data leaks on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
The impact of vendor customizations on android security
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
FireDroid: hardening security in almost-stock Android
Proceedings of the 29th Annual Computer Security Applications Conference
SEC'13 Proceedings of the 22nd USENIX conference on Security
Systematic audit of third-party android phones
Proceedings of the 4th ACM conference on Data and application security and privacy
Transforming high-level requirements to executable policies for Android
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?
Proceedings of the 23rd international conference on World wide web
Quantifying and Classifying Covert Communications on Android
Mobile Networks and Applications
Hi-index | 0.00 |
Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.