Privacy protection against mobile applications on mobile devices is becoming a serious concern, as user-sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for end users to take preventive measures. Hence, users often cannot reconcile the way they have used an application with a reported leak; i.e., they are unable to comprehend the (il)legitimacy of the leak or make a decision on whether to allow the leak. This paper aims to demonstrate the feasibility and benefits of identifying the causes of leaks from a user's point of view, which we call mobile forensics of privacy leaks. Its goal is to correlate user actions to leaks, and report the causes from a user-oriented perspective. To make the case, we have performed a preliminary study that identifies leak causes based on logs of user actions in more than 220 Android applications and corresponding leak reports from a leak detection tool. Our results show that more than 60% of the 105 applications (of the 220 we sampled) that leak private data do so due to user actions on certain in-application GUI widgets. About 44% also leak data right after users launch them, while 32% leak data periodically after launch. We also constructed a database containing leak causes from all tested apps, and demonstrated the use of visual overlays to warn users about potential leaks.