Sensitive Behaviors Detection And Privacy Protection Techniques For Mobile Applications

In recent years,mobile devices have become the main platforms for users to ac-cess the Internet.Benefited from the popularity of mobile devices and data produced by mobile sensors,numerous mobile applications with rich functionalities are developed and gathered a large number of valuable user private data,including user' s identity information,geographic location Information,account information,etc.While users enjoy the con,venience brought by mobile applications,their privacy is under threat.As a result,researchers have paid considerable attention to technologies that can detect improper behaviors in mobile apps and protect users' privacy.In terms of improper behaviors detection,there are already many mature technologies and solutions that can detect privacy leakage in specific situations.However,there are a lot of ways to leak users' privacy.To find out the differences between improper behaviors and reasonable private data usage behaviors,extensive research is required in this area.In terms of privacy protection technology,recent researches have prompted the Android operating system to adopt a more flexible runtime permissions mechanism.However,the cur-rent technology is not fine-grained enough,and it cannot balance privacy protection and reasonable application functions.Facing these challenges and issues,this article focuses on sensitive behavior detection and privacy protection technologies for mobile applications.The work of this article is threefold:1.Detecting Stubborn Permission Requests in Android Applications.Android applications may stubbornly request permissions at initialization:if the user does not grant the requested permissions,these applications would simply exit,refusing to provide any functionalities.As a result,users are urged by this behavior to grant sensitive permissions and users actually lose the power to con-trol their sensitive data,which may cause permission abuse and privacy leak-age.In this paper,we propose an approach to automatically detect the improper behaviors of stubbornly requesting permissions.Experiments on real-world ap-plications demonstrate the effectiveness of our approach and reveal that almost 24%analyzed applications contain stubborn permission requests.According to the survey from the researcher,this is the first research to investigate such kind of improper behaviors.2.Detecting superfluous network transmissions in Android applications.The network transmission is an important way to exchange information betweenAndroid applications and their own backend or other third-party servers.How-ever,some network transmissions are superfluous for the apps' functionalities.Superfluous network transmissions not only increase the network traffic but also may leak users' sensitive data.To identify the superfluous network transmissions,we propose a static-analysis based approach.Evaluation with real world market apps shows that 62%apps contain superfluous network transmissions,and 48%of the analyzed network transmissions are superfluous,and our approach could effectively detect superfluous network transmissions in Android apps.3.A fine-grained privacy protection framework based on Android system.Android applications may abuse their permissions on private data,leaking the user's privacy out of the mobile device via data transmissions.A straightforward way to deal with this problem is to restrict the application permissions.However,the restriction not only prevents the undesirable operations from leaking privacy but also prohibits the desirable operations from utilizing private data.This ar-ticle proposes a fine-grained runtime privacy control framework that can reveal how private-data transmissions occur to end-users and set privacy control rules which intercept the undesirable private-data transmissions at runtime without in-terfering with desirable ones.Evaluation using real applications demonstrates that this framework helps people identify the undesirable operations effectively and it can precisely intercept the undesirable data transmissions through privacy control rules.Besides,this framework causes little side effect.