A framework for static detection of privacy leaks in android applications

Authors:
Christopher Mann;Artem Starostin
Affiliations:
Modeling and Analysis of Information Systems TU Darmstadt, Germany;Modeling and Analysis of Information Systems TU Darmstadt, Germany
Venue:
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Year:
2012

Citing 10
Cited 3

Type systems for programming languages

Handbook of theoretical computer science (vol. B)
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
A sound type system for secure flow analysis

Journal of Computer Security
Certification of programs for secure information flow

Communications of the ACM
A certified lightweight non-interference java bytecode verifier

ESOP'07 Proceedings of the 16th European conference on Programming
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A typed assembly language for non-interference

ICTCS'05 Proceedings of the 9th Italian conference on Theoretical Computer Science
Information flow analysis for java bytecode

VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Security-typed languages for implementation of cryptographic protocols: a case study

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Defending users against smartphone apps: techniques and future directions

ICISS'11 Proceedings of the 7th international conference on Information Systems Security

Towards an understanding of the impact of advertising on data leaks

International Journal of Security and Networks
Can Smartphone Users Turn Off Tracking Service Settings?

Proceedings of International Conference on Advances in Mobile Computing & Multimedia
Automatic detection of inter-application permission leaks in Android applications

IBM Journal of Research and Development

Quantified Score

Hi-index	0.00

Visualization

Abstract

We report on applying techniques for static information flow analysis to identify privacy leaks in Android applications. We have crafted a framework which checks with the help of a security type system whether the Dalvik bytecode implementation of an Android app conforms to a given privacy policy. We have carefully analyzed the Android API for possible sources and sinks of private data and identified exemplary privacy policies based on this. We demonstrate the applicability of our framework on two case studies showing detection of privacy leaks.