基于同源策略的移动应用细粒度隐私保护技术

doi:10.11959/j.issn.2096-0271.2020003

摘要/Abstract

摘要：

Android等移动平台基于权限的访问控制机制是作用在应用粒度上的。应用中除了包含应用开发者本身的代码以外，还包含第三方库代码，导致应用权限滥用情况严重。引入类似浏览器同源策略的细粒度控制机制，打破了应用之间的界限，将粒度细化到代码来源。将控制机制实现到Android系统层，并提供了一套插桩工具对应用进行修改。实验结果表明，系统能够起到允许或禁止特定开发者执行特定敏感行为的作用。

关键词: 隐私保护, 第三方库, 访问控制, 移动应用

Abstract:

Mobile systems,such as Android,use permission-based access control mechanism,which is at the granularity of each application.Apart from the code from developers themselves,applications also contain code from third-party libraries,which has led to serious overuse of application permissions.A novel origin-based (similar to browsers) and fine-grained control mechanism was introduced,which broke the boundary between applications in terms of access control and finegrained the granularity to the level of code source.The mechanism was implemented onto Android framework,and a set of tools to modify applications were also offered.Experiment results suggest that system can allow (or limit) certain developers to execute certain sensitive behaviors.

Key words: privacy protection, third-party library, access control, mobile application

中图分类号:

TP309.2

卢文雄, 王浩宇. 基于同源策略的移动应用细粒度隐私保护技术[J]. 大数据, 2020, 6(1): 23-34.

Wenxiong LU, Haoyu WANG. Same origin based fine-grained privacy protection for mobile applications[J]. Big Data Research, 2020, 6(1): 23-34.

图/表 10

图1

图2

图3

图4

图5

图6

表1

表2

图7

图8

参考文献 20

[1]	WANG H Y , LIU Z , LIANG J Y ,et al. Beyond Google play:a large-scale comparative study of Chinese Android App markets[C]// 2018 ACM Internet Measurement Conference,October 31November 2,Boston,USA. New York:ACM Press, 2018: 293-307.
[2]	MICHAEL C G , ZHOU W , JIANG X X ,et al. Unsafe exposure analysis of mobile inApp advertisements[C]// The 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks,April 16-18,2012,Tucson,USA. New York:ACM Press, 2012: 101-112.
[3]	RYAN S , CLINT G , JON C ,et al. Investigating user privacy in Android ad libraries[C]// The 3rd Workshop on Mobile Security Technologies,May 24,2012,San Francisco,USA.[S.l:s.n]. 2012.
[4]	WANG H Y , GUO Y , MA Z ,et al. WuKong:a scalable and accurate twophase approach to android App clone detection[C]// 2015 International Symposium on Software Testing and Analysis,July 14-17,2015,Baltimore,USA. New York:ACM Press, 2015: 71-78.
[5]	LIU B , JIN H X , RAMESH G . Efficient privilege de-escalation for ad libraries in mobile apps[C]// The 13th Annual International Conference on Mobile Systems,Applications,and Services,May 19-22,2015,Florence,Italy. New York:ACM Press, 2015: 89-103.
[6]	SHASHI S , MICHAEL D , WALLACH D S . AdSplit:separating smartphone advertising from applications[C]// The 21st USENIX Conference on Security Symposium,August 8-10,2012,Bellevue,USA. Berkeley:USENIX Association, 2012:28.
[7]	PEARCE P , FELT A P , NUNEZ G ,et al. AdDroid:privilege separation for applications and advertisers in Android[C]// The 7th ACM Symposium on Information,Computer and Communications Security.May 2-4,2012,Seoul,Korea. New York:ACM Press, 2012: 71-72.
[8]	ROESNER F , KOHNO T . Securing embedded user interfaces:Android and beyond[C]// The 22nd Security Symposium,August 14-16,2013,Washington,USA. Berkeley:USENIX Association, 2013: 97-112.
[9]	FU J J , ZHOU Y F , LIU H ,et al. Perman:fine-grained permission management for Android applications[C]// The 28th International Symposium on Software Reliability Engineering,October 23-27,2017,Toulouse,France. Piscataway:IEEE Press, 2017: 250-259.
[10]	FU J J , ZHOU Y F , WANG X . Componentbased permission management of Android applications[J]. Software:Practice and Experience, 2019,49(3).
[11]	胡冰惠 . 基于细粒度动态分析的Android平台第三方库隐私泄露分析[D]. 北京:北京交通大学, 2018.
	HU B H . Privacy disclosure analysis of third-party library on Android platform based on free grained dynamic analysis[D]. Beijing:Beijing Jiaotong University, 2018.
[12]	DIAMANTARIS M , PAPADOPOULOS E P , MARKATOS E P ,et al. REAPER:real-time App analysis for augmenting the Android permission system[C]// The 9th ACM Conference on Data and Application Security and Privacy,March 19-21,2018,Tempe,USA. New York:ACM Press, 2018: 37-48.
[13]	WANG H Y , HONG J , GUO Y . Using text mining to infer the purpose of permission use in mobile Apps[C]// The 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing,September 7-11,2015,Osaka,Japan. New York:ACM Press, 2015: 1107-1118.
[14]	WANG H Y , LI Y C , GUO Y ,et al. Understanding the purpose of permission use in mobile Apps[J]. ACM Transactions on Information Systems, 2017,35(4): 1-40.
[15]	ARZT S , RASTHOFER S , FRITZ C ,et al. FlowDroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android Apps[J]. ACM SIGPLAN Notices, 2014,49(6): 259-269.
[16]	YANG W , XIAO X , ANDOW B ,et al. Appcontext:differentiating malicious and benign mobile App behaviors using context[C]// The 37th International Conference on Software Engineering,May 16-24,2015,Florence,Italy. Piscataway:IEEE Press, 2015: 303-313.
[17]	YUVRAJ A , MALCOLM H . Protect my privacy:detecting and mitigating privacy leaks on iOS devices using crowdsourcing[C]// The 11th Annual International Conference on Mobile Systems,Applications,and Services,June 25-28,2013,Taipei,China. New York:ACM Press, 2013: 97-110.
[18]	ENCK W , ONGTANG M , MCDANIEL P . On lightweight mobile phone application certification[C]// The 16th ACM Conference on Computer and Communications Security,November 9-13,2009,Chicago,USA. New York:ACM Press, 2009: 235-245.
[19]	HAMMAD M , BAGHERI H , MALEK S . Determination and enforcement of leastprivilege architecture in Android[C]// 2017 IEEE International Conference on Software Architecture,April 3-7,2017,Gothenburg,Sweden. Amsterdam:Elsevier, 2019: 83-100,149.
[20]	WANG H , GUO Y , TANG Z ,et al. Reevaluating Android permission gaps with static and dynamic analysis[C]// 2015 IEEE Global Communications Conference,December 6-10,2015,San Diego,USA. Piscataway:IEEE Press, 2015: 1-6.

测试组别	行为类别	第三方开发者	应用核心功能	现象
实验组1	位置	允许	不允许	标注点与设备定位点不重合，偏移量符合预期
实验组2		不允许	允许	标注点与设备定位点不重合，偏移量符合预期
对照组1		允许	允许	标注点与设备定位点重合
对照组2		不允许	不允许	标注点与设备定位点不重合，有些标注点偏移量超出预期

测试次数	行为类别	联系人应用	现象
1	联系人	不允许	启动时不显示联系人
2		允许	启动时显示联系人