ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic

It is well known that apps running on mobile devices extensively track and leak users' personally identifiable information (PII); however, these users have little visibility into PII leaked through the network traffic generated by their devices, and have poor control over how, when and where that traffic is sent and handled by third parties. In this paper, we present the design, implementation, and evaluation of ReCon: a cross-platform system that reveals PII leaks and gives users control over them without requiring any special privileges or custom OSes. ReCon leverages machine learning to reveal potential PII leaks by inspecting network traffic, and provides a visualization tool to empower users with the ability to control these leaks via blocking or substitution of PII. We evaluate ReCon's effectiveness with measurements from controlled experiments using leaks from the 100 most popular iOS, Android, and Windows Phone apps, and via an IRB-approved user study with 92 participants. We show that ReCon is accurate, efficient, and identifies a wider range of PII than previous approaches.Comment: Please use MobiSys version when referencing this work: http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob

Network Activity Monitoring Against Malware in Android Operating System

Google’s Android is the most used Operating System in mobile devices but as its popularity has increased hackers have taken advantage of the momentum to plague Google Play (Android’s Application Store) with multipurpose Malware that is capable of stealing private information and give the hacker remote control of smartphone’s features in the worst cases. This work presents an innovative methodology that helps in the process of malware detection for Android Operating System, which addresses aforementioned problem from a different perspective that even popular Anti-Malware software has left aside. It is based on the analysis of a common characteristic to all different kinds of malware: the need of network communications, so the victim device can interact with the attacker. It is important to highlight that in order to improve the security level in Android, our methodology should be considered in the process of malware detection. As main characteristic, it does not need to install additional kernel modules or to root the Android device. And finally as additional characteristic, it is as simple as can be considered for non-experienced users

A Novel Approach to Trojan Horse Detection in Mobile Phones Messaging and Bluetooth Services

A method to detect Trojan horses in messaging and Bluetooth in mobile phones by means of monitoring the events produced by the infections is presented in this paper. The structure of the detection approach is split into two modules: the first is the Monitoring module which controls connection requests and sent/received files, and the second is the Graphical User module which shows messages and, under suspicious situations, reports the user about a possible malware. Prototypes have been implemented on different mobile operating systems to test its feasibility on real cellphone malware. Experimental results are shown to be promising since this approach effectively detects various known malwareMinisterio de Ciencia e Innovación TIN2009-14378-C02-0