APP隐私泄露风险评估与保护方案

doi:10.11959/j.issn.1000-436x.2019085

Abstract

Abstract:

The APP in smartphone contain various third-party services.However,the service providers illegally read the user’s private information.To address this problem,a privacy risk assessing scheme called PRAS was proposed.Firstly,a model was built to assess the risk of privacy leakage,by counting all the permissions acquired by each service providers and considering the non-linear impact of the permissions combination on privacy leakage.Then,by analyzing the balance between service quality and privacy-preserving,an optimal model was used to minimized the risk of private information leakage,and a permission management method was given to protect the privacy information among APP.The experiment results show that PRAS reduces the risk of privacy leakage by an average of 18.5%.

Key words: Android, privacy-preserving, risk assessment, permission management

CLC Number:

TN929

Xinyu WANG,Ben NIU,Fenghua LI,Kun HE. Risk assessing and privacy-preserving scheme for privacy leakage in APP[J]. Journal on Communications, 2019, 40(5): 13-23.

Figures/Tables 8

权限	$\hat{p}$	θ_l	θ_u	β_i	β_i	增长率
access_Wi-Fi_state	0.0	0.0	0.0	1.0	2.266	126%
read_external_storage	0.03	0.015	0.046	1.030	2.290	122%
write_call_log	0.0	0.0	0.0	1.0	2.150	115%
read_call_log	0.0	0.0	0.0	1.0	2.137	113%
call_phone	0.087	0.039	0.14	1.092	2.307	111%
read_phone_state	0.202	0.155	0.249	1.226	2.350	91.60%
access_fine_location	0.310	0.262	0.357	1.371	1.964	43.21%
receive_SMS	0.577	0.494	0.661	1.859	2.602	39.95%
access_coarse_location	0.356	0.303	0.408	1.440	1.989	38.10%
read_SMS	0.624	0.539	0.709	1.978	2.724	37.73%
get_accounts	0.207 8	0.169	0.244	1.233	1.646	33.51%
write_contacts	0.350	0.263	0.438	1.431	1.905	33.14%
read_contacts	0.469	0.410	0.528	1.633	2.171	32.97%
send_SMS	0.112	0.046	0.177	1.118	1.429	27.85%
camera	0.485 2	0.429	0.537	1.664	2.055	23.45%

References 26

[1]	李凤华, 李晖, 贾焰 ,等. 隐私计算研究范畴及发展趋势[J]. 通信学报, 2016,37(4): 1-11.
	LI F H , LI H , JIA Y ,et al. Privacy computing:concept,connotation and its research trend[J]. Journal on Communications, 2016,37(4): 1-11.
[2]	中国消费者协会. APP 个人信息泄露情况调查报告[R]. 中国消费者协会, 2018.
	CCA.Survey on personal information leakage by APP[R]. China Consumers Association, 2018.
[3]	奇虎360.2018中国手机安全生态研究报告[R]. 北京奇虎科技有限公司, 2018.
	Qihoo 360.China mobile phone safety ecology report[R]. Qihoo 360 Technology Co.,Ltd., 2018.
[4]	GRACE M C , ZHOU W , JIANG X ,et al. Unsafe exposure analysis of mobile in-APP advertisements[C]// The ACM Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012: 101-112.
[5]	CHEN K , LIU P , ZHANG Y . Achieving accuracy and scalability simultaneously in detecting application clones on Android markets[C]// The ACM International Conference on Software Engineering. ACM, 2014: 175-186.
[6]	NARAYANAN A , CHEN L , CHAN C K . Addetect:automated detection of android ad libraries using semantic analysis[C]// The IEEE International Conference on Intelligent Sensors,Sensor Networks and Information Processing. IEEE, 2014: 1-6.
[7]	LIU B , LIU B , JIN H ,et al. Efficient privilege de-escalation for ad libraries in mobile APPs[C]// The ACM Annual International Conference on Mobile Systems,APPlications,and Services. ACM, 2015: 89-103.
[8]	CRUSSELL J , GIBLER C , CHEN H . Scalable semantics-based detection of similar android applications[C]// The European Symposium on Computer Security. 2013: 1-21.
[9]	WANG H , GUO Y , MA Z ,et al. WuKong:a scalable and accurate two-phase approach to Android APP clone detection[C]// The ACM International Symposium on Software Testing and Analysis. ACM, 2015: 71-82.
[10]	MA Z , WANG H , GUO Y ,et al. LibRadar:fast and accurate detection of third-party libraries in Android apps[C]// The ACM International Conference on Software Engineering. ACM, 2016: 653-656.
[11]	LI M , WANG W , WANG P ,et al. LibD:scalable and precise third-party library detection in android markets[C]// The ACM International Conference on Software Engineering. ACM, 2017: 335-346.
[12]	BACKES M , BUGIEL S , DERR E . Reliable third-party library detection in Android and its security applications[C]// The ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016: 356-367.
[13]	FELT A , HA E , EGELMAN S ,et al. Android permissions:User attention,comprehension,and behavior[C]// The ACM Symposium on Usable Privacy and Security. ACM, 2012: 1-14.
[14]	FAWAZ K , SHIN K G . Location privacy protection for smartphone users[C]// The ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014: 239-250.
[15]	TSAI L , WIJESEKERA P , REARDON J ,et al. Turtle guard:helping android users apply contextual privacy preferences[C]// The ACM Symposium on Usable Privacy and Security. ACM, 2017: 145-162.
[16]	AGARWAL Y , HALL M . ProtectMyPrivacy:detecting and mitigating privacy leaks on iOS devices using crowdsourcing[C]// The ACM Annual International Conference on Mobile Systems,APPlications,and Services. ACM, 2013: 97-110.
[17]	LIU B , LIN J , SADEH N . Reconciling mobile app privacy and usability on smartphones:could user privacy profiles help?[C]// The ACM International Conference on World Wide Web. ACM, 2014: 201-212.
[18]	LIU R , CAO J , YANG L ,et al. PriWe:recommendation for privacy settings of mobile APPs based on crowdsourced users[C]// IEEE International Conference on Mobile Services. IEEE, 2015: 150-157.
[19]	RASHIDI B , FUNG C , NGUYEN A ,et al. Android user privacy preserving through crowdsourcing[J]. IEEE Transactions on Information Forensics and Security, 2018,13(3): 773-787.
[20]	ZAKI M J . Scalable algorithms for association mining[J]. IEEE Transactions on Knowledge and Data Engineering, 2000,12(3): 372-390.
[21]	LU L , LI Z , WU Z ,et al. CHEX:statically vetting android apps for component hijacking vulnerabilities[C]// The ACM SIGSAC Conference on Computer and Communications Security. ACM, 2012: 229-240.
[22]	ENCK W , GILBERT P , HAN S ,et al. TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems, 2014,32(2): 1-29.
[23]	LIU K , TERZI E . A framework for computing the privacy scores of users in online social networks[J]. ACM Transactions on Knowledge Discovery from Data, 2010,5(1): 1-30.
[24]	LI F H , WANG X Y , NIU B ,et al. TrackU:exploiting user’s mobility behavior via wifi list[C]// IEEE Global Communications Conference (GLOBECOM). IEEE, 2017: 1-6.
[25]	EGIRAUL T . Google play unofficial python API[Z]. GitHub, 2016.
[26]	XING L , PAN X , WANG R ,et al. Upgrading your android,elevating my malware:privilege escalation through mobile OS updating[C]// The IEEE Symposium on Security and Privacy. IEEE, 2014: 393-408.

Metrics

Recommended 0

No Suggested Reading articles found!

数据集	最大值/个	最小值/个	平均值/个	中位数/个
D_n	25	3	4.18	4
D_m	24	15	16.45	16

Risk assessing and privacy-preserving scheme for privacy leakage in APP

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 26

Related Articles 15

Metrics

Recommended 0

[1]	Yingjie XIA, Siyu ZHU, Xuejiao LIU. Research on efficient cross trust-domain group authentication with conditional privacy of vehicle platoon under blockchian architecture [J]. Journal on Communications, 2023, 44(4): 111-123.
[2]	Shengxing YU, Zhong CHEN. Efficient secure federated learning aggregation framework based on homomorphic encryption [J]. Journal on Communications, 2023, 44(1): 14-28.
[3]	Haining YU, Hongli ZHANG, Xiangzhan YU, Jiaxing QU, Mengmeng GE. Privacy-preserving trajectory similarity computation method [J]. Journal on Communications, 2022, 43(11): 1-13.
[4]	Tao PENG, Wentao ZHONG, Guojun WANG, Entao LUO, Jinbo XIONG, Yining LIU, Wang Hao. Privacy-preserving precise profile matching in mobile social network [J]. Journal on Communications, 2022, 43(11): 90-103.
[5]	Rui SHI, Huamin FENG, Huiqin XIE, Guozhen SHI, Biao LIU, Yang YANG. Privacy-preserving attribute ticket scheme based on mobile terminal with smart card [J]. Journal on Communications, 2022, 43(10): 26-41.
[6]	Jinbo XIONG, Yongjie ZHOU, Renwan BI, Liang WAN, Youliang TIAN. Towards edge-collaborative, lightweight and privacy-preserving classification framework [J]. Journal on Communications, 2022, 43(1): 127-137.
[7]	Yubo SONG, Qi CHEN, Rui SONG, Aiqun HU. Android application privacy protection mechanism based on virtual machine bytecode injection [J]. Journal on Communications, 2021, 42(6): 171-181.
[8]	Jiawei QIN, Hua ZHANG, Hanbing YAN, Nengqiang HE, Tengfei TU. Research on context-aware Android application vulnerability detection [J]. Journal on Communications, 2021, 42(11): 13-27.
[9]	Jiaqi WANG,Ning LU,Qingfeng CHENG,Zhaoxia WU,Wenbo SHI. Privacy-preserving multi-attribute reverse spectrum auction scheme [J]. Journal on Communications, 2020, 41(9): 77-91.
[10]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[11]	Yousheng ZHOU,Chang TAN,Fei TANG. Multi-dimensional secure query scheme for fog-enhanced IIoT [J]. Journal on Communications, 2020, 41(8): 175-186.
[12]	Jiayin LI,Wenzhong GUO,Xiaoyan LI,Ximeng LIU. Privacy-preserving real-time road conditions monitoring scheme based on intelligent traffic [J]. Journal on Communications, 2020, 41(7): 73-83.
[13]	Ming LI,Xiaopeng YANG,Hui ZHU,Fengwei WANG,Qi LI. Efficient and privacy-preserving online face authentication scheme [J]. Journal on Communications, 2020, 41(5): 205-214.
[14]	Zhu WANG,Kun HE,Xinyu WANG,Ben NIU,Fenghua LI. Traffic characteristic based privacy leakage assessment scheme for Android device [J]. Journal on Communications, 2020, 41(2): 155-164.
[15]	Xiangyu WANG,Jianfeng MA,Yinbin MIAO. Efficient privacy-preserving image retrieval scheme over outsourced data with multi-user [J]. Journal on Communications, 2019, 40(2): 31-39.