Title: A Privacy Enforcing Framework for Android Applications
Citation: COMPUTERS & SECURITY vol. 62 p. 257–277
Publication Year: 2016
JRC N°: JRC102624
ISSN: 0167-4048
URI: http://www.sciencedirect.com/science/article/pii/S0167404816300840
DOI: 10.1016/j.cose.2016.07.005
Type: Articles in periodicals and books
Abstract: The widespread adoption of the Android operating system in a variety type of devices ranging from smart phones to smart TVs, makes it an interesting target for developers of malevolent applications. In the current security model of Android, applications are granted several permissions during their installation. Users do not have means to easily understand the implications of these permissions. In this paper, we propose an approach to enforce fine-grained usage control privacy policies that enable users to control the access of applications to sensitive resources through application instrumentation. The purpose of this work is enhancing the control users have on privacy, confidentiality and security of their mobile devices, with regards to software intrusive behaviours. Our approach on a side foresees the use of instrumentation techniques, and on the other includes a refinement step where high-level resource-centric abstract policies defined by users are automatically refined to enforceable concrete policies considering the resource being used and not the specific multiple concrete API methods that may allow an app to access the specific sensitive resources. For example, access to the user location may be done using multiple API methods that should be instrumented and controlled according to the user selected privacy policies. We enforce our approach on well known Android applications, while we demonstrate evaluation performance implications under different scenarios.
JRC Directorate:Space, Security and Migration

Files in This Item:
There are no files associated with this item.

Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.