We examine two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated: (1) covertly substituting shadow data in place of data that the user wants to keep private, and (2) blocking network transmissions that contain data the user made available to the application for on-device use only. We retrofit the Android operating system to implement these two controls for use with unmodified applications. A key challenge of imposing shadowing and exfiltration blocking on existing applications is that these controls could cause side effects that interfere with user-desired functionality. To measure the impact of side effects, we develop an automated testing methodology that records screenshots of application executions both with and without privacy controls, then automatically highlights the visual differences between the different executions. We evaluate our privacy controls on 50 applications from the Android Market, selected from those that were both popular and permission-hungry. We find that our privacy controls can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications. The remaining 34% of applications implemented user-desired functionality that required violating the privacy requirements our controls were designed to enforce; there was an unavoidable choice between privacy and user-desired functionality.