Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.


1 Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini

2 Overview
- Motivation
- Background
- Research Questions
- Literature Review
- Contributions
  - RQ1: Permissions Removal
  - RQ2: Storage Control
- Conclusions
- References

3 Motivation (1/2)
- Smartphones are becoming more and more common
- They are being used for more than just phone calls
  - Online Shopping
  - Banking
  - Medical Records
- Tasks performed by “apps”.
- http://au.businessinsider.com/another-record-quarter-for-smartphone-sales-2013-55

4 Motivation (2/2)
- More sensitive information stored within the devices. If compromised, could put user or even corporations at risk.
  - Banking statements
  - User logins and passwords
  - Text messages
- Android has 79.3% of the global smartphone market share (http://www.businesswire.com/news/home/20130807005280/en/Apple-Cedes-Market-Share-Smartphone-Operating-System)
- Google Play Store: 1 000 000+ apps (http://www.phonearena.com/news/Androids-Google-Play-beats-App-Store-with-over-1-million-apps-now-officially-largest_id45680)

5 Background
- Google Android
  - Released in September 2008
- Apps (APK File)
  - Request permissions
    - Internet, Contacts Data, Messages, etc.
  - Defined within a manifest XML file contained within an app’s installation package.
- Apps can only be granted all their requested permissions
  - No current method to deny resource access

6 Research Questions
- Research Question 1 (RQ1): How effective is permissions removal in enhancing user privacy on Android devices?
- Research Question 2 (RQ2): How effective are storage permissions in enhancing user privacy on Android devices?

7 Literature Review
- Android OS Changes
  - Categorise permissions (Felt et al., 2012)
- Fine-Grained App Control
  - Deny or allow a resource request as it occurs (Kern & Sametinger, 2012)
  - Generally requires OS changes
- Mock/Shadow Data
  - Send faked data to apps
  - Mock location (MockDroid - Beresford et al., 2011)
- Permissions Removal
  - No OS modifications required

8 RQ1: Permissions Removal (1/4)
General Process:
- Decompile App
- Remove Permissions
- Recompile App

9 RQ1: Permissions Removal (2/4)
Methodology
1. Select Social Networking Apps
2. Select Permissions to remove
3. Perform Permissions Removal (From previous slide)
4. Test for errors
Selecting Permissions
- Vital to functions
- Harmfulness
- Feasible to remove

10 RQ1: Permissions Removal (3/4)
Permissions to Remove:
- Read contacts
  - One of the most requested
- Access fine location
  - Should not be required
  - Apps have been found to leak location information (Zhou et al., 2011)

Permission Facebook Twitter Instagram Tango Text Pinterest LinkedIn Tumblr
ACCESS_FINE_LOCATION XXX
ACCESS_NETWORK_STATE XX XXXX
AUTHENTICATE_ACCOUNTS XX X XX
CAMERA XXX
GET_ACCOUNTS XX XXXX
INTERNET XXXXXXX
MANAGE_ACCOUNTS XX X XX
READ_CONTACTS XXXX X X
READ_PHONE_STATE X X X
READ_SYNC_SETTINGS XX X XX
VIBRATE XX X X
WAKE_LOCK XXXXXXX
WRITE_CONTACTS XX X X
WRITE_EXTERNAL_STORAGE XXXXXXX
WRITE_SYNC_SETTINGS XX X XX

11 RQ1: Permissions Removal (4/4)
Results
- Access to location can be removed simply
- Access to contacts data cannot be removed easily
- Paper has been accepted by the 47th Hawaii International Conference on System Sciences (HICSS) (ERA A Rank conference)
Limitations
- Key signing issues
- Manual removal
- Manual error checking
- Difficult to debug/code

12 RQ2: Storage Permissions (1/2)
- All apps are given access to non-protected storage locations.
  - Security risk
  - User documents, photos, downloads readable by all apps.
  - Apps with write access can also write to all non-protected storage.
- Proposed Solution:
  - Use Unix access rights/permissions to control access to storage folders.
  - Design an app to help enforce and control these settings.

13 RQ2: Storage Permissions (2/2)
Findings:
- Android External Storage
  - Android defaults external storage to FAT32 file system
  - FAT32 does not have Linux file permissions
  - The external storage needs to be formatted to ext4 (Using root)
- Android Users
  - Each Android app is given a user ID
  - Android hardcodes user groups
- Current Results
  - Folders can be restricted so that only one app can read or write to them.
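An added example (not from the presentation) that models the Unix owner/group/other check behind the RQ2 proposal and shows which apps can reach a folder before and after it is restricted to one app's user ID. The app UIDs, the ownership and mode used for the FAT32 mount, and GID 1015 as the hardcoded storage-write group are assumptions made for illustration.

```python
# Assumed for illustration: app UIDs start at 10000, and 1015 is the
# hardcoded group held by apps that were granted write access to storage.
SDCARD_RW_GID = 1015

# Constructed apps: A and B hold the storage-write group, C does not.
APPS = {
    "app_a": {"uid": 10057, "gids": {10057, SDCARD_RW_GID}},
    "app_b": {"uid": 10102, "gids": {10102, SDCARD_RW_GID}},
    "app_c": {"uid": 10130, "gids": {10130}},
}

# FAT32 has no per-file permissions, so one owner/group/mode set at mount
# time applies to every folder (values assumed): group rwx, others r-x.
SHARED = {"uid": 1000, "gid": SDCARD_RW_GID, "mode": 0o075}
# ext4 folder restricted to a single app: owned by its UID, mode 0700.
PRIVATE = {"uid": 10057, "gid": 10057, "mode": 0o700}
# Pitfall: the folder's group is still the shared hardcoded group.
LEAKY = {"uid": 10057, "gid": SDCARD_RW_GID, "mode": 0o770}

BIT = {"r": 4, "w": 2, "x": 1}


def allowed(folder, app, want):
    """Unix check: exactly one class (owner, group or other) applies."""
    if app["uid"] == folder["uid"]:
        shift = 6                      # owner bits
    elif folder["gid"] in app["gids"]:
        shift = 3                      # group bits
    else:
        shift = 0                      # other bits
    need = sum(BIT[c] for c in want)
    return (folder["mode"] >> shift) & need == need


def who_can(folder, want, apps=APPS):
    """Names of the apps that get every access right listed in `want`."""
    return sorted(n for n, a in apps.items() if allowed(folder, a, want))


if __name__ == "__main__":
    for label, folder in (("shared", SHARED), ("private", PRIVATE),
                          ("leaky", LEAKY)):
        print(label, "read:", who_can(folder, "r"),
              "write:", who_can(folder, "w"))
```

The `LEAKY` case is the one to audit for: because the storage group is hardcoded and shared by every app with write access, a folder must be moved out of that group, not just given a new owner.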

14 Conclusions
- Android permissions removal is a viable method of improving user privacy, but requires more automation.
- The Android operating system itself needs to have finer grained control over what each permission allows.
- Android user groups are very limited and hardcoded.

15 References
- A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin & D. Wagner, “Android permissions: User attention, comprehension, and behavior”, SOUPS 2012, p. 3.
- M. Kern & J. Sametinger, “Permission Tracking in Android”, UBICOMM 2012, pp. 148-155.
- A.R. Beresford, A. Rice, N. Skehin & R. Sohan, “MockDroid: trading privacy for application functionality on smartphones”, HotMobile 2011, pp. 49-54.
- Y. Zhou, X. Zhang, X. Jiang & V. Freeh, “Taming information-stealing smartphone applications (on Android)”, TRUST 2011, pp. 93-107.

16 Questions

