AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users

Authors:
Sanae Rosen;Zhiyun Qian;Z. Morely Mao
Affiliations:
University of Michigan, Ann Arbor, MI, USA;University of Michigan, Ann Arbor, MI, USA;University of Michigan, Ann Arbor, MI, USA
Venue:
Proceedings of the third ACM conference on Data and application security and privacy
Year:
2013

Citing 18
Cited 5

Intrusion detection using sequences of system calls

Journal of Computer Security
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Apex: extending Android permission model and enforcement with user-defined runtime constraints

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
The effectiveness of application permissions

WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Taming information-stealing smartphone applications (on Android)

TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems

SEC'11 Proceedings of the 20th USENIX conference on Security
Crowdroid: behavior-based malware detection system for Android

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security
Unsafe exposure analysis of mobile in-app advertisements

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Challenges for dynamic analysis of iOS applications

iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Android permissions: user attention, comprehension, and behavior

Proceedings of the Eighth Symposium on Usable Privacy and Security
PScout: analyzing the Android permission specification

Proceedings of the 2012 ACM conference on Computer and communications security
CHEX: statically vetting Android apps for component hijacking vulnerabilities

Proceedings of the 2012 ACM conference on Computer and communications security

The case for mobile forensics of private data leaks: towards large-scale user-oriented privacy protection

Proceedings of the 4th Asia-Pacific Workshop on Systems
Vetting undesirable behaviors in android apps with permission use analysis

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
The impact of vendor customizations on android security

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A case of collusion: a study of the interface between ad libraries and their apps

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although Android's permission system is intended to allow users to make informed decisions about their privacy, it is often ineffective at conveying meaningful, useful information on how a user's privacy might be impacted by using an application. We present an alternate approach to providing users the knowledge needed to make informed decisions about the applications they install. First, we create a knowledge base of mappings between API calls and fine-grained privacy-related behaviors. We then use this knowledge base to produce, through static analysis, high-level behavior profiles of application behavior. We have analyzed almost 80,000 applications to date and have made the resulting behavior profiles available both through an Android application and online. Nearly 1500 users have used this application to date. Based on 2782 pieces of application-specific feedback, we analyze users' opinions about how applications affect their privacy and demonstrate that these profiles have had a substantial impact on their understanding of those applications. We also show the benefit of these profiles in understanding large-scale trends in how applications behave and the implications for user privacy.