As mobile devices become more widespread and powerful, they store more sensitive data, which includes not only users' personal information but also the data collected via sensors throughout the day. When mobile applications have access to this growing amount of sensitive information, they may leak it carelessly or maliciously. Google's Android operating system provides a permissions-based security model that restricts an application's access to the user's private data. Each application statically declares the sensitive data and functionality that it requires in a manifest, which is presented to the user upon installation. However, it is not clear to the user how sensitive data is used once the application is installed. To combat this problem, we present AndroidLeaks, a static analysis framework for automatically finding potential leaks of sensitive information in Android applications on a massive scale. AndroidLeaks drastically reduces the number of applications and the number of traces that a security auditor has to verify manually. We evaluate the efficacy of AndroidLeaks on 24,350 Android applications from several Android markets. AndroidLeaks found 57,299 potential privacy leaks in 7,414 Android applications, out of which we have manually verified that 2,342 applications leak private data including phone information, GPS location, WiFi data, and audio recorded with the microphone. AndroidLeaks examined these applications in 30 hours, which indicates that it is capable of scaling to the increasingly large set of available applications.