Prevention of Cross-update Privacy Leaks on Android

Beumjin Cho; Sangho Lee; Meng Xu; Sangwoo Ji; Taesoo Kim; Jong Kim

Geodesic

Parcourir par

Prevention of Cross-update Privacy Leaks on Android

Beumjin Cho ; Sangho Lee ; Meng Xu ; Sangwoo Ji ; Taesoo Kim ; Jong Kim

Computer Science and Information Systems, Tome 15 (2018) no. 1.

Voir la notice de l'article provenant de la source Computer Science and Information Systems website

Résumé

Updating applications is an important mechanism to enhance their availability, functionality, and security. However, without careful considerations, application updates can bring other security problems. In this paper, we consider a novel attack that exploits application updates on Android: a cross-update privacy-leak attack called COUPLE. The COUPLE attack allows an application to secretly leak sensitive data through the cross-update interaction between its old and new versions; each version only has permissions and logic for either data collection or transmission to evade detection. We implement a runtime security system, BREAKUP, that prevents cross-update sensitive data transactions by tracking permission-use histories of individual applications. Evaluation results show that BREAKUP’s time overhead is below 5%. We further show the feasibility of the COUPLE attack by analyzing the versions of 2;009 applications (28;682 APKs).

Keywords: Android, Privacy, Information flow, Permission

@article{CSIS_2018_15_1_a5,
     author = {Beumjin Cho and Sangho Lee and Meng Xu and Sangwoo Ji and Taesoo Kim and Jong Kim},
     title = {Prevention of {Cross-update} {Privacy} {Leaks} on {Android}},
     journal = {Computer Science and Information Systems},
     publisher = {mathdoc},
     volume = {15},
     number = {1},
     year = {2018},
     url = {http://geodesic.mathdoc.fr/item/CSIS_2018_15_1_a5/}
}

TY  - JOUR
AU  - Beumjin Cho
AU  - Sangho Lee
AU  - Meng Xu
AU  - Sangwoo Ji
AU  - Taesoo Kim
AU  - Jong Kim
TI  - Prevention of Cross-update Privacy Leaks on Android
JO  - Computer Science and Information Systems
PY  - 2018
VL  - 15
IS  - 1
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/CSIS_2018_15_1_a5/
ID  - CSIS_2018_15_1_a5
ER  -

%0 Journal Article
%A Beumjin Cho
%A Sangho Lee
%A Meng Xu
%A Sangwoo Ji
%A Taesoo Kim
%A Jong Kim
%T Prevention of Cross-update Privacy Leaks on Android
%J Computer Science and Information Systems
%D 2018
%V 15
%N 1
%I mathdoc
%U http://geodesic.mathdoc.fr/item/CSIS_2018_15_1_a5/
%F CSIS_2018_15_1_a5

Beumjin Cho; Sangho Lee; Meng Xu; Sangwoo Ji; Taesoo Kim; Jong Kim. Prevention of Cross-update Privacy Leaks on Android. Computer Science and Information Systems, Tome 15 (2018) no. 1. http://geodesic.mathdoc.fr/item/CSIS_2018_15_1_a5/