9,167 research outputs found
Privacy Sensitive Resource Access Monitoring For Android Systems
Mobile devices, with an extensive array of capabilities and flexibility, are sometimes said to be an extension of the human body. Enhancing device capabilities and incorporating them into everyday life have always been a huge focus of the mobile industry. In the area of mobile data collection, existing works collect various types of user behavior data via mobile device usage, and use the data to aid in further understanding of human behavior. Typical data collection utilizes application or background service installed on the mobile device with user permission to collect data such as accelerometer, call logs, location, wifi transmission, etc. In this process, sensitive user information is tracked through a data tainting process. Contrary to the existing works, this research aims at collecting application behavior instead of user behavior. The goal is to provide a means to analyze how background services access mobile resources, and potentially identify suspicious applications that access sensitive user information. This investigation proposes an approach to track the access of mobile resources in a real time and sequential way. Specifically, the approach integrates the concept of taint tracking. Each identified user privacy sensitive resource is tagged and marked for tracking. The approach is composed of three different components: collection mechanism, collection client, and collection server. The collection mechanism resides in the Android OS to detect any incoming activity to privacy sensitive mobile resources. Whenever detection occurs, the collection client processes the formatted information. The collection client then communicates with an external server to store the gathered data. From these data, responsible applications, affected resources, and transmitted data were identified along with sequences of activity resulting from specific user actions. The result is a dynamic, real-time resource for monitoring the process flow of applications. Statistical analysis of sample data collected will be presented to demonstrate some interesting application behaviors and the potential usage of the application behavior data collection process
Survey of End-to-End Mobile Network Measurement Testbeds, Tools, and Services
Mobile (cellular) networks enable innovation, but can also stifle it and lead
to user frustration when network performance falls below expectations. As
mobile networks become the predominant method of Internet access, developer,
research, network operator, and regulatory communities have taken an increased
interest in measuring end-to-end mobile network performance to, among other
goals, minimize negative impact on application responsiveness. In this survey
we examine current approaches to end-to-end mobile network performance
measurement, diagnosis, and application prototyping. We compare available tools
and their shortcomings with respect to the needs of researchers, developers,
regulators, and the public. We intend for this survey to provide a
comprehensive view of currently active efforts and some auspicious directions
for future work in mobile network measurement and mobile application
performance evaluation.Comment: Submitted to IEEE Communications Surveys and Tutorials. arXiv does
not format the URL references correctly. For a correctly formatted version of
this paper go to
http://www.cs.montana.edu/mwittie/publications/Goel14Survey.pd
Android Permissions Remystified: A Field Study on Contextual Integrity
Due to the amount of data that smartphone applications can potentially
access, platforms enforce permission systems that allow users to regulate how
applications access protected resources. If users are asked to make security
decisions too frequently and in benign situations, they may become habituated
and approve all future requests without regard for the consequences. If they
are asked to make too few security decisions, they may become concerned that
the platform is revealing too much sensitive information. To explore this
tradeoff, we instrumented the Android platform to collect data regarding how
often and under what circumstances smartphone applications are accessing
protected resources regulated by permissions. We performed a 36-person field
study to explore the notion of "contextual integrity," that is, how often are
applications accessing protected resources when users are not expecting it?
Based on our collection of 27 million data points and exit interviews with
participants, we examine the situations in which users would like the ability
to deny applications access to protected resources. We found out that at least
80% of our participants would have preferred to prevent at least one permission
request, and overall, they thought that over a third of requests were invasive
and desired a mechanism to block them
In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
In this paper we claim that an efficient and readily applicable means to
improve privacy of Android applications is: 1) to perform runtime monitoring by
instrumenting the application bytecode and 2) in-vivo, i.e. directly on the
smartphone. We present a tool chain to do this and present experimental results
showing that this tool chain can run on smartphones in a reasonable amount of
time and with a realistic effort. Our findings also identify challenges to be
addressed before running powerful runtime monitoring and instrumentations
directly on smartphones. We implemented two use-cases leveraging the tool
chain: BetterPermissions, a fine-grained user centric permission policy system
and AdRemover an advertisement remover. Both prototypes improve the privacy of
Android systems thanks to in-vivo bytecode instrumentation.Comment: ISBN: 978-2-87971-111-
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
Current smartphone operating systems regulate application permissions by
prompting users on an ask-on-first-use basis. Prior research has shown that
this method is ineffective because it fails to account for context: the
circumstances under which an application first requests access to data may be
vastly different than the circumstances under which it subsequently requests
access. We performed a longitudinal 131-person field study to analyze the
contextuality behind user privacy decisions to regulate access to sensitive
resources. We built a classifier to make privacy decisions on the user's behalf
by detecting when context has changed and, when necessary, inferring privacy
preferences based on the user's past decisions and behavior. Our goal is to
automatically grant appropriate resource requests without further user
intervention, deny inappropriate requests, and only prompt the user when the
system is uncertain of the user's preferences. We show that our approach can
accurately predict users' privacy decisions 96.8% of the time, which is a
four-fold reduction in error rate compared to current systems.Comment: 17 pages, 4 figure
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
It is well known that apps running on mobile devices extensively track and
leak users' personally identifiable information (PII); however, these users
have little visibility into PII leaked through the network traffic generated by
their devices, and have poor control over how, when and where that traffic is
sent and handled by third parties. In this paper, we present the design,
implementation, and evaluation of ReCon: a cross-platform system that reveals
PII leaks and gives users control over them without requiring any special
privileges or custom OSes. ReCon leverages machine learning to reveal potential
PII leaks by inspecting network traffic, and provides a visualization tool to
empower users with the ability to control these leaks via blocking or
substitution of PII. We evaluate ReCon's effectiveness with measurements from
controlled experiments using leaks from the 100 most popular iOS, Android, and
Windows Phone apps, and via an IRB-approved user study with 92 participants. We
show that ReCon is accurate, efficient, and identifies a wider range of PII
than previous approaches.Comment: Please use MobiSys version when referencing this work:
http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob
- …