Differentiated context-aware hook placement for different owners' smartphones

A hook is a piece of code that checks the user's privacy policy before a sensitive operation happens. We propose an automated solution named Prihook for hook placement in the Android Framework. Because it addresses specific context-aware user privacy concerns, the hook placement in Prihook is personalized. Specifically, we design a User Privacy Preference Table (UPPT) to help a user express his privacy concerns. We also leverage machine learning to discover a Potential Method Set (consisting of Sensor Data Access Methods and Sensor Control Methods), from which we can select a particular subset of methods in which to place hooks. We propose a mapping from words in the UPPT lexicon to methods in the Potential Method Set. With this mapping, Prihook is able to (a) select a specific set of methods; and (b) generate and place hooks automatically. We test Prihook separately on 6 typical UPPTs representing 6 kinds of resource-sensitive UPPTs, and no user privacy violation is found. The experimental results show that the hooks placed by Prihook have small runtime overhead.
