PrivateDroid: Private Browsing Mode for Android

Private browsing mode is a privacy feature adopted by many modern computer browsers. With the increased use of mobile devices and escalating privacy concerns for mobile users, browser applications on mobile devices have also started incorporating private browsing mode. Even so, the use of private browsing mode is limited to the browser applications and cannot be applied directly on other third-party mobile applications. In this paper, we propose Private Droid, which provides a private browsing mode for third-party applications on the Android platform. First, we discuss three possible approaches of implementing mobile private browsing mode: code instrumentation, an extra sandbox, and a Linux container approach. Then, we implement Private Droid, which creates a new sandbox for every application in private mode and destroys the sandbox once the application is closed. After that, we evaluate usability, efficiency and security of the system with 25 popular Android applications. Our design considerations, implementation details, evaluation results, and challenges lay a foundation of private browsing mode on mobile platforms.

[1]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[2]  Dan Boneh,et al.  An Analysis of Private Browsing Modes in Modern Browsers , 2010, USENIX Security Symposium.

[3]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[4]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[5]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[6]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[7]  Otfried Georg Global System for Mobile Communications (GSM) , 2000 .

[8]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[9]  David Wetherall,et al.  Detecting and Defending Against Third-Party Tracking on the Web , 2012, NSDI.

[10]  Eric Yawei Chen,et al.  App isolation: get the security of multiple browsers with just one , 2011, CCS '11.

[11]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[12]  Zhemin Yang,et al.  LeakMiner: Detect Information Leakage on Android with Static Taint Analysis , 2012, 2012 Third World Congress on Software Engineering.

[13]  Jiang Wang,et al.  SafeFox: A Safe Lightweight Virtual Browsing Environment , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[14]  Yang Tang,et al.  CleanOS: Limiting Mobile Data Exposure with Idle Eviction , 2012, OSDI.

[15]  Vitaly Shmatikov,et al.  Eternal Sunshine of the Spotless Machine: Protecting Privacy with Ephemeral Channels , 2012, OSDI.

[16]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[17]  Roksana Boreli,et al.  On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[18]  Martín Abadi,et al.  Host Fingerprinting and Tracking on the Web: Privacy and Security Implications , 2012, NDSS.

[19]  Barry Leiba,et al.  OAuth Web Authorization Protocol , 2012, IEEE Internet Computing.

[20]  K. Yi,et al.  Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[21]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[22]  Umesh Shankar,et al.  Doppelganger: Better browser privacy without the bother , 2006, CCS '06.

[23]  William K. Robertson,et al.  PrivExec: Private Execution as an Operating System Service , 2013, 2013 IEEE Symposium on Security and Privacy.

[24]  Raphael C.-W. Phan Review of Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition by Ross J. Anderson , 2009, Cryptologia.

[25]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .