第三方Android库中的隐私泄漏识别

2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ) Pub Date : 2022-02-26 DOI:10.1109/MobiSecServ50855.2022.9727217

Christopher M. Schindler, Müslüm Atas, Thomas Strametz, J. Feiner, Reinhard Hofer

{"title":"第三方Android库中的隐私泄漏识别","authors":"Christopher M. Schindler, Müslüm Atas, Thomas Strametz, J. Feiner, Reinhard Hofer","doi":"10.1109/MobiSecServ50855.2022.9727217","DOIUrl":null,"url":null,"abstract":"Developers of mobile applications rely on the trust of their customers. On the one hand the requirement exists to create feature-rich and secure apps, which adhere to privacy standards to not deliberately disclose user information. On the other hand the development process must be streamlined to reduce costs. Here third-party libraries come into play. Inclusion of many, possibly nested libraries pose security risks, app-creators are often not aware of. This paper presents a way to combine free open-source tools to support developers in checking their application that it does not induce security issues by using third-party libraries. The tools FlowDroid, Frida, and mitm-proxy are used in combination in a simple and viable way to perform checks to identify privacy leaks of third-party apps. Our proposed setup and configuration empowers average app developers to preserve user privacy without being dedicated security experts and without expensive external advice.","PeriodicalId":176376,"journal":{"name":"2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Privacy Leak Identification in Third-Party Android Libraries\",\"authors\":\"Christopher M. Schindler, Müslüm Atas, Thomas Strametz, J. Feiner, Reinhard Hofer\",\"doi\":\"10.1109/MobiSecServ50855.2022.9727217\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Developers of mobile applications rely on the trust of their customers. On the one hand the requirement exists to create feature-rich and secure apps, which adhere to privacy standards to not deliberately disclose user information. On the other hand the development process must be streamlined to reduce costs. Here third-party libraries come into play. Inclusion of many, possibly nested libraries pose security risks, app-creators are often not aware of. This paper presents a way to combine free open-source tools to support developers in checking their application that it does not induce security issues by using third-party libraries. The tools FlowDroid, Frida, and mitm-proxy are used in combination in a simple and viable way to perform checks to identify privacy leaks of third-party apps. Our proposed setup and configuration empowers average app developers to preserve user privacy without being dedicated security experts and without expensive external advice.\",\"PeriodicalId\":176376,\"journal\":{\"name\":\"2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ)\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-02-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MobiSecServ50855.2022.9727217\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MobiSecServ50855.2022.9727217","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

移动应用程序的开发者依赖于客户的信任。一方面，创建功能丰富且安全的应用程序的需求是存在的，这些应用程序遵守隐私标准，不会故意泄露用户信息。另一方面，开发过程必须精简以降低成本。在这里，第三方库开始发挥作用。包含许多可能嵌套的库会带来安全风险，而应用程序创建者通常没有意识到这一点。本文提出了一种结合免费开源工具的方法，以支持开发人员检查他们的应用程序，确保它不会因使用第三方库而引发安全问题。FlowDroid、Frida和mitm-proxy工具组合使用，以一种简单可行的方式执行检查，以识别第三方应用程序的隐私泄露。我们建议的设置和配置使普通应用程序开发人员能够保护用户隐私，而无需专门的安全专家和昂贵的外部建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Privacy Leak Identification in Third-Party Android Libraries

Developers of mobile applications rely on the trust of their customers. On the one hand the requirement exists to create feature-rich and secure apps, which adhere to privacy standards to not deliberately disclose user information. On the other hand the development process must be streamlined to reduce costs. Here third-party libraries come into play. Inclusion of many, possibly nested libraries pose security risks, app-creators are often not aware of. This paper presents a way to combine free open-source tools to support developers in checking their application that it does not induce security issues by using third-party libraries. The tools FlowDroid, Frida, and mitm-proxy are used in combination in a simple and viable way to perform checks to identify privacy leaks of third-party apps. Our proposed setup and configuration empowers average app developers to preserve user privacy without being dedicated security experts and without expensive external advice.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ)

自引率

0.00%

发文量