
Enhancing User Privacy on Android Devices


Presentation Transcript


  1. Enhancing User Privacy on Android Devices Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini Bachelor of Computer Science (Honours)

  2. Overview • Motivation • Background • Research Questions • Literature Review • Contributions • RQ1: Permissions Removal • RQ2: Storage Control • Conclusions • References

  3. Motivation (1/2) • Smartphones are becoming more and more common • They are being used for more than just phone calls • Online Shopping • Banking • Medical Records • Tasks performed by “apps”. http://au.businessinsider.com/another-record-quarter-for-smartphone-sales-2013-55

  4. Motivation (2/2) • More sensitive information stored within the devices. • If compromised, could put user or even corporations at risk. • Banking statements • User logins and passwords • Text messages • Android has 79.3% of the global smartphone market share (http://www.businesswire.com/news/home/20130807005280/en/Apple-Cedes-Market-Share-Smartphone-Operating-System) • Google Play Store: 1 000 000+ apps (http://www.phonearena.com/news/Androids-Google-Play-beats-App-Store-with-over-1-million-apps-now-officially-largest_id45680)

  5. Background • Google Android • Released in September 2008 • Apps (APK File) • Request permissions • Internet, Contacts Data, Messages, etc. • Defined within a manifest XML file contained within an app’s installation package. • Apps can only be granted all their requested permissions • No current method to deny resource access

  6. Research Questions • Research Question 1 (RQ1): • How effective is permissions removal in enhancing user privacy on Android devices? • Research Question 2 (RQ2): • How effective are storage permissions in enhancing user privacy on Android devices?

  7. Literature Review • Android OS Changes • Categorise permissions (Felt et al., 2012) • Fine-Grained App Control • Deny or allow a resource request as it occurs (Kern & Sametinger, 2012) • Generally requires OS changes • Mock/Shadow Data • Send faked data to apps • Mock location (MockDroid - Beresford et al., 2011) • Permissions Removal • No OS modifications required

  8. RQ1: Permissions Removal (1/4) • General Process: • Decompile App • Remove Permissions • Recompile App

  9. RQ1: Permissions Removal (2/4) • Methodology • Select Social Networking Apps • Select Permissions to remove • Perform Permissions Removal (From previous slide) • Test for errors • Selecting Permissions • Vital to functions • Harmfulness • Feasible to remove

  10. RQ1: Permissions Removal (3/4) • Permissions to Remove: • Read contacts • One of the most requested • Access fine location • Should not be required • Apps have been found to leak location information (Zhou et al., 2011)

  11. RQ1: Permissions Removal (4/4) • Results • Access to location can be removed simply • Access to contacts data cannot be removed easily • Paper has been accepted by the 47th Hawaii International Conference on System Sciences (HICSS) (ERA A Rank conference) • Limitations • Key signing issues • Manual removal • Manual error checking • Difficult to debug/code

  12. RQ2: Storage Permissions (1/2) • All apps are given access to non-protected storage locations. • Security risk • User documents, photos, downloads readable by all apps. • Apps with write access can also write to all non-protected storage. • Proposed Solution: • Use Unix access rights/permissions to control access to storage folders. • Design an app to help enforce and control these settings.

  13. RQ2: Storage Permissions (2/2) • Findings: • Android External Storage • Android defaults external storage to FAT32 file system • FAT32 does not have Linux file permissions • The external storage needs to be formatted to ext4 (Using root) • Android Users • Each Android app is given a user ID • Android hardcodes user groups • Current Results • Folders can be restricted so that only one app can read or write to them.

  14. Conclusions • Android permissions removal is a viable method of improving user privacy, but requires more automation. • The Android operating system itself needs to have finer grained control over what each permission allows. • Android user groups are very limited and hardcoded.

  15. References • A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin & D. Wagner, “Android permissions: User attention, comprehension, and behavior”, SOUPS 2012, p. 3. • M. Kern & J. Sametinger, “Permission Tracking in Android”, UBICOMM 2012, pp. 148-155. • A.R. Beresford, A. Rice, N. Skehin & R. Sohan, “MockDroid: trading privacy for application functionality on smartphones”, HotMobile 2011, pp. 49-54. • Y. Zhou, X. Zhang, X. Jiang & V. Freeh, “Taming information-stealing smartphone applications (on Android)”, TRUST 2011, pp. 93-107.

  16. Questions
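
The "Remove Permissions" step from slides 8 to 10, as an added example that is not from the presentation: it assumes the decompile step has already decoded the app's manifest to text XML. The function name `strip_permissions` and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
# Keep the conventional "android:" prefix when the manifest is written back out.
ET.register_namespace("android", ANDROID_NS)

# The two permissions slide 10 selects for removal.
TARGETS = frozenset({
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
})

# Constructed sample manifest (not taken from a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.social">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Social"/>
</manifest>
"""

def strip_permissions(manifest_xml, targets=TARGETS):
    """Drop targeted <uses-permission> entries.

    Returns (new_xml, removed, kept) so the change can be reviewed
    before the app is recompiled and tested for errors.
    """
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    removed, kept = [], []
    # Permission requests are direct children of <manifest>.
    for elem in list(root):
        if elem.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = elem.get(NAME_ATTR)
        if name in targets:
            root.remove(elem)
            removed.append(name)
        else:
            kept.append(name)
    return ET.tostring(root, encoding="unicode"), removed, kept

if __name__ == "__main__":
    new_xml, removed, kept = strip_permissions(SAMPLE_MANIFEST)
    print("removed:", removed)
    print("kept:   ", kept)
```

The recompiled package then has to be signed again, which is the key signing limitation listed on slide 11.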
