ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic

It is well known that apps running on mobile devices extensively track and leak users' personally identifiable information (PII); however, these users have little visibility into PII leaked through the network traffic generated by their devices, and have poor control over how, when and where that traffic is sent and handled by third parties. In this paper, we present the design, implementation, and evaluation of ReCon: a cross-platform system that reveals PII leaks and gives users control over them without requiring any special privileges or custom OSes. ReCon leverages machine learning to reveal potential PII leaks by inspecting network traffic, and provides a visualization tool to empower users with the ability to control these leaks via blocking or substitution of PII. We evaluate ReCon's effectiveness with measurements from controlled experiments using leaks from the 100 most popular iOS, Android, and Windows Phone apps, and via an IRB-approved user study with 92 participants. We show that ReCon is accurate, efficient, and identifies a wider range of PII than previous approaches.Comment: Please use MobiSys version when referencing this work: http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob

I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks

Security and Privacy for Ubiquitous Mobile Devices

We live in a world where mobile devices are already ubiquitous. It is estimated that in the United States approximately two thirds of adults own a smartphone, and that for many, these devices are their primary method of accessing the Internet. World wide, it is estimated that in May of 2014 there were 6.9 billion mobile cellular subscriptions, almost as much as the world population. of these 6.9 billion, approximately 1 billion are smart devices, which are concentrated in the developed world. In the developing world, users are moving from feature phones to smart devices as a result of lower prices and marketing efforts. Because smart mobile devices are ubiquitous, security and privacy are primary concerns. Threats such as mobile malware are already substantial, with over 2500 different types identified in 2010 alone. It is likely that, as the smart device market continues to grow, so to will concerns about privacy, security, and malicious software. This is especially true, because these mobile devices are relatively new. Our research focuses on increasing the security and privacy of user data on smart mobile devices. We propose three applications in this domain: (1) a service that provides private, mobile location sharing; (2) a secure, intuitive proximity networking solution; and (3) a potential attack vector in mobile devices, which utilizes novel covert channels. We also propose a first step defense mechanism against these covert channels. Our first project is the design and implementation of a service, which provides users with private and secure location sharing. This is useful for a variety of applications such as online dating, taxi cab services, and social networking. Our service allows users to share their location with one another with trust and location based access controls. We allow users to identify if they are within a certain distance of one another, without either party revealing their location to one another, or any third party. We design this service to be practical and efficient, requiring no changes to the cellular infrastructure and no explicit encryption key management for the users. For our second application, we build a modem, which enables users to share relatively small pieces of information with those that are near by, also known as proximity based networking. Currently there are several mediums which can be used to achieve proximity networking such as NFC, bluetooth, and WiFi direct. Unfortunately, these currently available schemes suffer from a variety of drawbacks including slow adoption by mobile device hardware manufactures, relatively poor usability, and wide range, omni-directional propagation. We propose a new scheme, which utilizes ultrasonic (high frequency) audio on typical smart mobile devices, as a method of communication between proximal devices. Because mobile devices already carry the necessary hardware for ultrasound, adoption is much easier. Additionally, ultrasound has a limited and highly intuitive propagation pattern because it is highly directional, and can be easily controlled using the volume controls on the devices. Our ultrasound modem is fast, achieving several thousand bits per second throughput, non-intrusive because it is inaudible, and secure, requiring attackers with normal hardware to be less than or equal to the distance between the sender and receiver (a few centimeters in our tests). Our third work exposes a novel attack vector utilizing physical media covert channels on smart devices, in conjunction with privilege escalation and confused deputy attacks. This ultimately results in information leakage attacks, which allow the attacker to gain access to sensitive information stored on a user\u27s smart mobile device such as their location, passwords, emails, SMS messages and more. Our attack uses our novel physical media covert channels to launder sensitive information, thereby circumventing state of the art, taint-tracking analysis based defenses and, at the same time, the current, widely deployed permission systems employed by mobile operating systems. We propose and implement a variety of physical media covert channels, which demonstrate different strengths such as high speed, low error rate, and stealth. By proposing several different channels, we make defense of such an attack much more difficult. Despite the challenging situation, in this work we also propose a novel defense technique as a first step towards research on more robust approaches. as a contribution to the field, we present these three systems, which together enrich the smart mobile experience, while providing mobile security and keeping privacy in mind. Our third approach specifically, presents a unique attack, which has not been seen in the wild , in an effort to keep ahead of malicious efforts

PrivacyGuard: A VPN-Based Approach to Detect Privacy Leakages on Android Devices

The Internet is now the most important and efficient way to gain information, and mobile devices are the easiest way to access the Internet. Furthermore, wearable devices, which can be considered to be the next generation of mobile devices, are becoming popular. The more people rely on mobile devices, the more private information about these people can be gathered from their devices. If a device is lost or compromised, much private information is revealed. Although today’s smartphone operating systems are trying to provide a secure environment, they still fail to provide users with adequate control over and visibility into how third-party applications use their private data. The privacy leakage problem on mobile devices is still severe. For example, according a field study [1] done by CMU recently, Android applications track users’ location every three minutes in average. After the PRISM program, a surveillance program done by NSA, is exposed, people are becoming increasingly aware of the mobile privacy leakages. However, there are few tools available to average users for privacy preserving. Most tools developed by recent work have some problems (details can be found in chapter 2). To address these problems, we present PrivacyGuard, an efficient way to simultaneously detect leakage of multiple types of sensitive data, such as a phone’s IMEI number or location data. PrivacyGuard provides real-time protection. It is possible to modify the leaked information and replace it with crafted data to achieve protection. PrivacyGuard is configurable, extensible and useful for other research. We implement PrivacyGuard on the Android platform by taking advantage of the VPNService class provided by the Android SDK. PrivacyGuard does not require root per- missions to run on a device and does not require any knowledge about VPN technology from users either. The VPN server runs on the device locally. No external servers are required. According to our experiments, PrivacyGuard can effectively detect privacy leak- ages of most applications and advertisement libraries with almost no overhead on power consumption and reasonable overhead on network speed