CUPA: A Configurable User Privacy Approach For Android Mobile Application

Mobile applications can collect large private user data including user bank details, contact numbers, photos, saved locations, etc. This poses privacy concerns on many users while using mobile applications. In Android 6.0 and above, users can control apps permissions, where the system allows users to grant and block the dangerous apps permissions at any time. However, there are additional permissions used by the apps (normal permissions) that cannot be controlled by users, which may eventually lead to many privacy violations. In this paper, we present a new approach (CUPA) that provides users with the ability to control applications’ access to Android system resources and private data based on user-defined policies. This approach allows users to reduce the level of privacy violation by providing them with some options that are not available in the Android permission system during the installation and run-time of Android apps. The proposed approach enables users to control the behavior of the apps, including the app network connections, permissions list, and app to app communication. The proposed approach consists of three main components that can check the app behaviors during the installation and run-time, provide the users with resources and data filtration and allow users to take appropriate actions to control the leakage of the application.

[1]  Ethiopia Nigussie,et al.  CoDRA: Context-based dynamically reconfigurable access control system for android , 2018, J. Netw. Comput. Appl..

[2]  Alessandro Acquisti,et al.  Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.

[3]  Zhi Xu,et al.  SemaDroid: A Privacy-Aware Sensor Management Framework for Smartphones , 2015, CODASPY.

[4]  Xing Chen,et al.  DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model , 2018, Neurocomputing.

[5]  Tsuyoshi Murata,et al.  {m , 1934, ACML.

[6]  George Candea,et al.  Making Smartphone Application Permissions Meaningful for the Average User , 2019, ArXiv.

[7]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[8]  Insik Shin,et al.  FLEXDROID: Enforcing In-App Privilege Separation in Android , 2016, NDSS.

[9]  David A. Wagner,et al.  The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[10]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[11]  Zheng Yan,et al.  A privacy-preserving mobile application recommender system based on trust evaluation , 2018, J. Comput. Sci..

[12]  Muneer Ahmad Dar,et al.  Evaluation of Security and Privacy of Smartphone Users , 2018, 2018 Fourth International Conference on Advances in Electrical, Electronics, Information, Communication and Bio-Informatics (AEEICB).

[13]  Ricardo Neisse,et al.  A privacy enforcing framework for Android applications , 2016, Comput. Secur..

[14]  Narseo Vallina-Rodriguez,et al.  An Analysis of Pre-installed Android Software , 2019, 2020 IEEE Symposium on Security and Privacy (SP).

[16]  Carol J. Fung,et al.  Android fine-grained permission control system with real-time expert recommendations , 2016, Pervasive Mob. Comput..

[17]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[18]  T. Yorozu,et al.  Electron Spectroscopy Studies on Magneto-Optical Media and Plastic Substrate Interface , 1987, IEEE Translation Journal on Magnetics in Japan.

[19]  H. E. Chandler,et al.  Technical writer's handbook , 1982, IEEE Transactions on Professional Communication.

[20]  Peter Corcoran,et al.  Privacy concerns on Android devices , 2017, 2017 IEEE International Conference on Consumer Electronics (ICCE).

[21]  Tao Wang,et al.  An Android Malware Detection System Based on Feature Fusion , 2018, Chinese Journal of Electronics.

[22]  Sam Malek,et al.  Determination and Enforcement of Least-Privilege Architecture in Android , 2017, 2017 IEEE International Conference on Software Architecture (ICSA).

[23]  Ashwin Machanavajjhala,et al.  Permissions Plugins as Android Apps , 2019, MobiSys.

[24]  David A. Wagner,et al.  Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences , 2017, SOUPS.

[25]  Mani B. Srivastava,et al.  ipShield: A Framework For Enforcing Context-Aware Privacy , 2014, NSDI.

[26]  Xin Chen,et al.  SweetDroid: Toward a Context-Sensitive Privacy Policy Enforcement Framework for Android OS , 2017, WPES@CCS.

[27]  Prabhat Kumar,et al.  Privacy Analysis of Android Applications: State-of-art and Literary Assessment , 2017, Scalable Comput. Pract. Exp..

[28]  Ram Krishnan,et al.  Toward a Framework for Detecting Privacy Policy Violations in Android Application Code , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE).

[29]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[30]  Zhuoqing Morley Mao,et al.  AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users , 2013, CODASPY.

[31]  Gianluca Dini,et al.  Risk analysis of Android applications: A user-centric solution , 2018, Future Gener. Comput. Syst..

[32]  Christopher Krügel,et al.  Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications , 2014, NDSS.

[33]  Jason I. Hong,et al.  Does this App Really Need My Location? , 2017, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..