ABSTRACT
Android smartphones are ubiquitous all over the world, and organizations that profit from mining users' personal information are on the rise. Many users are not aware of the risks of accepting permissions from Android apps, and the continued state of insecurity, manifested in an increased level of breaches across all large organizations, means that personal information is falling into the hands of malicious actors. This paper aims to shed light on privacy leakage in apps that target a specific demographic, Arabs. The research takes into consideration apps that cater to specific cultural aspects of this region and identifies how they could be abusing the trust given to them by unsuspecting users. Dynamic taint analysis is used in a virtualized environment to analyze top free apps based on popularity in the Google Play store. The information presented highlights how different categories of apps leak different categories of private information.