Type systems for programming languages
Handbook of theoretical computer science (vol. B)
ACM Transactions on Information and System Security (TISSEC)
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
A certified lightweight non-interference java bytecode verifier
ESOP'07 Proceedings of the 16th European conference on Programming
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A typed assembly language for non-interference
ICTCS'05 Proceedings of the 9th Italian conference on Theoretical Computer Science
Information flow analysis for java bytecode
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Towards an understanding of the impact of advertising on data leaks
International Journal of Security and Networks
Can Smartphone Users Turn Off Tracking Service Settings?
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
Automatic detection of inter-application permission leaks in Android applications
IBM Journal of Research and Development
Hi-index | 0.00 |
We report on applying techniques for static information flow analysis to identify privacy leaks in Android applications. We have crafted a framework which checks with the help of a security type system whether the Dalvik bytecode implementation of an Android app conforms to a given privacy policy. We have carefully analyzed the Android API for possible sources and sinks of private data and identified exemplary privacy policies based on this. We demonstrate the applicability of our framework on two case studies showing detection of privacy leaks.