A survey of privacy protection techniques for mobile devices | Journal of Communications and Information Networks | Springer Nature Link


A survey of privacy protection techniques for mobile devices

  • Review paper
Abstract

Modern mobile devices provide a wide variety of services. Users are able to access these services for many sensitive tasks relating to their everyday lives (e.g., finance, home, or contacts). However, these services also provide new attack surfaces to attackers. Many efforts have been devoted to protecting mobile users from privacy leakage. In this work, we study state-of-the-art techniques for the detection and protection of privacy leakage and discuss the evolving trends of privacy research.

Author information

Authors and Affiliations

  1. Fudan University, Shanghai, 200433, China

    Lei Zhang, Donglai Zhu, Zhemin Yang & Min Yang

  2. Institute of Information Engineering, China Academy of Science, Beijing, 100093, China

    Limin Sun

Additional information

This work is supported by the Science and Technology Commission of Shanghai Municipality (No. 15511103003), the National Natural Science Foundation of China (No. 61602121), and the Open Project of Beijing Key Laboratory of IoT Information Security Technology (No. J6V0011104).

ZHANG Lei was born in Henan Province. He received the B.E. degree in electronic engineering from Fudan University, Shanghai, China. He is now a Ph.D. candidate in computer science and technology at Fudan University. His research interests include system security and privacy leakage. (Email: lei_zhangl4@fudan.edu.cn)

YANG Zhemin [corresponding author] is a Lecturer with Software School, Fudan University, Shanghai, China. He received the B.Sc. and Ph.D. degrees in computer science from Fudan University, in 2007 and 2012, respectively. His research interests are in system security and program analysis techniques. (Email: yangzhemin@fudan.edu.cn)

About this article

Cite this article

Zhang, L., Zhu, D., Yang, Z. et al. A survey of privacy protection techniques for mobile devices. J. Commun. Inf. Netw. 1, 86–92 (2016). https://doi.org/10.1007/BF03391582

  • DOI: https://doi.org/10.1007/BF03391582
