DroidContext: Identifying Malicious Mobile Privacy Leak Using Context

Serious concerns have been raised about the stealthy leakage of users' private data in mobile apps, and many recent approaches have been proposed to detect privacy leaks in these apps. However, more and more benign mobile apps have to send out users' private data for legitimate functions or at the user's intention. To evade detection, new mobile malware has started to mimic the privacy-related behaviors of benign apps that provide similar functionality, and to mix malicious privacy leaks with benign ones to reduce the chance of being observed. Since previously proposed approaches focus primarily on privacy leak discovery, these evasive techniques make differentiating between malicious and benign privacy disclosures a difficult task during privacy leak analysis. In this paper, we propose DroidContext, an automated system that detects truly malicious privacy leaks in Android apps. DroidContext differentiates malicious and benign privacy disclosures using contexts (e.g., activation events and dependent operations that trigger and control privacy leak execution), and filters out benign privacy disclosures so that the privacy leak detection results can be interpreted automatically and easily. We implement a prototype of DroidContext and evaluate it on 5560 mobile malware samples and 4800 Apkure apps. Experimental results show that, on average, DroidContext achieves a high 92.85% true positive rate when identifying malicious privacy leaks and a 95.45% true positive rate when identifying benign privacy disclosures. The necessity of the proposed contexts is also evaluated: the evaluation indicates that, to maintain the accuracy of privacy disclosure classification, all of our proposed contexts are necessary.
