An official website of the European Union How do you know?      
European Commission logo
JRC Publications Repository Menu

Mobile Applications Privacy, Towards a methodology to identify over-privileged applications

cover
Smart-phones are today used to perform a huge amount of online activities. They are used as interfaces to access the cloud, as storage resource, as social network tools, agenda, digital wallet, digital identity repository etc. In other words smart-phone are today the citizen’s digital companion, and, as such, they are the explicit or implicit repository of a huge amount of personal information. The criticality of these devices is generally due to the following considerations: 1. Being mobile by nature, they are exposed full-time to a potentially adverse environment 2. The need, for mobile applications, to cut the development costs to maintain the price appealing for the mobile-application market, is often translated into a quickprototyping approach, rather than a careful cyber-security oriented code development 3. Being the smart-phone strongly linked to their owner, a successful exploitation of a smart-phone can directly impact the security and privacy of its owner One of the major source of back-doors of mobile applications, is the bad use of privilege permissions. Developers tend to attribute to their applications as much permission rights as possible, even if they are not indeed needed.Malicious applications can leverage of these permissions to create covert channels allowing to get private information stored into the smart-phone. In this report we investigate on the “Declarative permissions scheme model” on which relies the security layer of Android, proposing an innovative technique combining together dynamic and static analysis to profile mobile applications and identify if they are over-privileged. In the same report we introduce also a first proposal for enforcing the end-user control on the hidden behaviours of mobile applications.
2015-01-13
Publications Office of the European Union
JRC87818
978-92-79-35409-0,   
1831-9424,   
EUR 26484,    OP LB-NA-26484-EN-N,   
https://publications.jrc.ec.europa.eu/repository/handle/JRC87818,   
10.2788/66345,   
https://publications.jrc.ec.europa.eu/repository/bitstream/JRC87818/lbna26484enn.pdf
Language Citation
NameCountryCityType
Datasets
IDTitlePublic URL
Dataset collections
IDAcronymTitlePublic URL
Scripts / source codes
DescriptionPublic URL
Additional supporting files
File nameDescriptionFile type 
Show metadata record  Copy citation url to clipboard  Download BibTeX
Items published in the JRC Publications Repository are protected by copyright, with all rights reserved, unless otherwise indicated. Additional information: https://ec.europa.eu/info/legal-notice_en#copyright-notice