Mitigating Privacy-Related Risks for Android Users

2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) Pub Date : 2019-06-01 DOI:10.1109/WETICE.2019.00059

E. Tramontana, Gabriella Verga

{"title":"Mitigating Privacy-Related Risks for Android Users","authors":"E. Tramontana, Gabriella Verga","doi":"10.1109/WETICE.2019.00059","DOIUrl":null,"url":null,"abstract":"Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.","PeriodicalId":116875,"journal":{"name":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2019.00059","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.

查看原文本刊更多论文

降低Android用户隐私相关风险

通常，当应用程序在Android设备上运行时，用户会被要求批准对敏感数据或资源的访问，这些访问需要Android危险权限。否则，对于其他需要正常权限的资源，不需要审批。一旦获得了对资源的访问权，应用程序就可以将机密数据发送到设备外部，而不会明显滥用安全策略。因此，用户可能会看到数据泄露，一般来说，会失去对访问数据的控制，以及对数据使用方式的控制。这篇论文展示了应用程序可以用来获取敏感数据的机制，从而侵犯了用户隐私。然后，为了保护隐私，提出了一种新颖而通用的防御方案，保护Android设备中的数据和资源。此外，用户还可以配置哪些访问必须被阻止，哪些访问可以被授予。作为概念证明，我们的保护解决方案已经嵌入到维基百科应用程序中，但它是通用的，可用于任何应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)

自引率

0.00%

发文量