Toward active and efficient privacy protection for Android

Abstract

Although Android has introduced many security mechanisms, users often expose privacy information to attacker due to the system's defensive privacy protecting policy. The problem is that for most inexperienced users, no mandatory protection is provided. To address this issue, we propose a data-centric privacy enhancement design to actively restrict privacy violation on Android. The main idea is to first build trusted database by introducing secure enhanced kernel and data-at-rest encryption. Then, the system enforces an isolation of applications with privacy data access privilege mode. The design focuses on data protection and keeps persistent mandatory access control model from kernel to application layer, and could resist most common privacy leakage attacks. Compared with other heavyweight isolation scheme, the overhead is also controlled into an acceptable range due to our lightweight design principle.