The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection

Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for en...

Bibliographic Details
Main Authors: CHAN, Joseph Joo Keng, TAN, Kiat Wee, JIANG, Lingxiao, BALAN, Rajesh Krishna
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2013
Subjects: Information Security, Software Engineering
Online Access: https://ink.library.smu.edu.sg/sis_research/1837
https://ink.library.smu.edu.sg/context/sis_research/article/2836/viewcontent/apsys13_forensics.pdf
Institution: Singapore Management University
2013-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1837 info:doi/10.1145/2500727.2500733 https://ink.library.smu.edu.sg/context/sis_research/article/2836/viewcontent/apsys13_forensics.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security Software Engineering
Description: Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for end users to take preventive measures. Hence, users often cannot reconcile the way they have used an application to a reported leak — i.e., they are unable to comprehend the (il)legitimacy of the leak or make a decision on whether to allow the leak. This paper aims to demonstrate the feasibility and benefits of identifying the causes of leaks from a user’s point of view, which we call mobile forensics of privacy leaks. Its goal is to correlate user actions to leaks, and report the causes from a user-oriented perspective. To make the case, we have performed a preliminary study that identifies leak causes based on logs of user actions in more than 220 Android applications and corresponding leak reports from a leak detection tool. Our results show that more than 60% of the 105 applications (of the 220 we sampled) that leak private data do so due to user actions on certain in-application GUI widgets. About 44% also leak data right after users launch them, while 32% leak data periodically after launch. We also constructed a database containing leak causes from all tested apps, and demonstrated the use of visual overlays to warn users about potential leaks.