Securing the mobile environment: firewall anti-leak of sensitive data on smartphone

The smartphone market has seen record growth in recent years. Smartphones have become more robust in terms of storage capacity and computing power, effective business tools for improving productivity, and everyday tools for many people, thanks to the various services they offer, which allow end users to perform multiple tasks and stay up to date on the move. This has made them a favorite target for malicious applications that specifically attack users' personal and professional data. To overcome this problem, mobile platforms have set up a security system based on the permissions model: before installation, the user decides whether to validate the permissions requested by an application or to abort the installation. When the user needs to install an application and that application requests unjustified permissions, this represents a particularly troublesome weakness. In this study, we consider the case of the open-source Android platform, currently managed by Google. Despite the efforts to create a scalable and secure operating system, Google is not able to process the information of user privacy. Any Android application can discreetly retrieve sensitive data from the smartphone without notifying the user. In this paper, we propose a firewall, Anti-Leak of Sensitive Data on Smartphone (ALSDS), that provides reliable protection against leakage of sensitive personal and professional data and notifies the user. This solution, integrated into the mobile operating system, is based on automated analysis of markets; it blocks application queries on sensitive data while ensuring the applications' proper functioning.
