Masquerade of mobile applications: Introducing unlinkability in a practical way

Smartphone apps are becoming a popular vehicle for collecting users' personal interests, demographics and other private information. Due to the lack of regulation, a curious party can covertly link and aggregate sensitive information from independent sources (sessions or apps) over time to conduct unwanted user profiling, targeted advertising or surveillance. Such unregulated aggregation is rooted in the absence of unlinkability in the mobile ecosystem. On the one hand, the mobile ecosystem is over-populated with persistent identifiers and fueled by an abundance of user information; on the other hand, users expect only app usages that are functionally dependent on each other to be linkable. To bridge this gap, we propose a practical solution, called Mask, that allows users to negotiate to what extent their behavior can be linked and aggregated. Specifically, Mask introduces a set of private execution modes that enable different levels of unlinkability. Mask is a user-level solution and does not require any change to the existing ecosystem, thus allowing for easy deployment. We present the technical details and challenges of our user-level implementation and evaluate its runtime performance as well as its applicability.
