The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection
Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for en...
Saved in:
Main Authors: | , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2013
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/1837 https://ink.library.smu.edu.sg/context/sis_research/article/2836/viewcontent/apsys13_forensics.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-2836 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-28362015-12-16T15:37:17Z The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection CHAN, Joseph Joo Keng TAN, Kiat Wee JIANG, Lingxiao BALAN, Rajesh Krishna Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for end users to take preventive measures. Hence, users often cannot reconcile the way they have used an application to a reported leak — i.e., they are unable to comprehend the (il)legitimacy of the leak or make a decision on whether to allow the leak. This paper aims to demonstrate the feasibility and benefits of identifying the causes of leaks from a user’s point of view, which we call mobile forensics of privacy leaks. Its goal is to correlate user actions to leaks, and report the causes from a user-oriented perspective. To make the case, we have performed a preliminary study that identifies leak causes based on logs of user actions in more than 220 Android applications and corresponding leak reports from a leak detection tool. Our results show that more than 60% of the 105 applications (of the 220 we sampled) that leak private data leak data do so due to user actions on certain in-application GUI widgets. About 44% also leak data right after users launch them, while 32% leak data periodically after launch. We also constructed a database containing leak causes from all tested apps, and demonstrated the use of visual overlays to warn users about potential leaks. 2013-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1837 info:doi/10.1145/2500727.2500733 https://ink.library.smu.edu.sg/context/sis_research/article/2836/viewcontent/apsys13_forensics.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Information Security Software Engineering |
spellingShingle |
Information Security Software Engineering CHAN, Joseph Joo Keng TAN, Kiat Wee JIANG, Lingxiao BALAN, Rajesh Krishna The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection |
description |
Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for end users to take preventive measures. Hence, users often cannot reconcile the way they have used an application to a reported leak — i.e., they are unable to comprehend the (il)legitimacy of the leak or make a decision on whether to allow the leak. This paper aims to demonstrate the feasibility and benefits of identifying the causes of leaks from a user’s point of view, which we call mobile forensics of privacy leaks. Its goal is to correlate user actions to leaks, and report the causes from a user-oriented perspective. To make the case, we have performed a preliminary study that identifies leak causes based on logs of user actions in more than 220 Android applications and corresponding leak reports from a leak detection tool. Our results show that more than 60% of the 105 applications (of the 220 we sampled) that leak private data leak data do so due to user actions on certain in-application GUI widgets. About 44% also leak data right after users launch them, while 32% leak data periodically after launch. We also constructed a database containing leak causes from all tested apps, and demonstrated the use of visual overlays to warn users about potential leaks. |
format |
text |
author |
CHAN, Joseph Joo Keng TAN, Kiat Wee JIANG, Lingxiao BALAN, Rajesh Krishna |
author_facet |
CHAN, Joseph Joo Keng TAN, Kiat Wee JIANG, Lingxiao BALAN, Rajesh Krishna |
author_sort |
CHAN, Joseph Joo Keng |
title |
The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection |
title_short |
The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection |
title_full |
The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection |
title_fullStr |
The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection |
title_full_unstemmed |
The Case for Mobile Forensics of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection |
title_sort |
case for mobile forensics of private data leaks: towards large-scale user-oriented privacy protection |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2013 |
url |
https://ink.library.smu.edu.sg/sis_research/1837 https://ink.library.smu.edu.sg/context/sis_research/article/2836/viewcontent/apsys13_forensics.pdf |
_version_ |
1770571624406319104 |