| With the development of Mobile Internet, smartphones have been extensivelyused as the network access terminals all over the world. Advanced technology of bothhardware and software makes the current smartphones with rich functions.Smartphones have become one of the most important office and social tools, whichresults in that mass sensitive data and privacy information of users are stored in theirsmartphones.Android system is one of the most used smartphone operating systems, and thereare many third-party Android applications providing various services for the users.Mobile malwares, however, are also existed among these applications. The flaw of theprivilege management and inter-component-communication mechanisms enables suchmalwares to steal the users’ private information directly or indirectly and send toremote attackers without the awareness of the users. Therefore, the privacy-preservingproblem in Android system is becoming research focus of the mobile securityresearchers.To solve this problem, in this paper, we design a privacy-preserving model——PrivacyManager for Android system. By modifying the Android framework layer,PrivacyManager achieves a fine-grained privacy privileges control based onapplication classifications, preventing applications accessing unnecessary privateinformation. Meanwhile, through the inter-component-communication monitoring,PrivacyManager can prevent applications exploiting the discrepancy of privileges tolaunch privilege escalation attacks. We implemented PrivacyManager on Android2.3.3.Experimental results show that our model can effectively intercept the access of privatedata, as well as multiple kinds of inter-component-communication, with high reliability.Moreover, PrivacyManager is completely transparent to the application layer,maintaining application availability, and the system performance loss is small. |
PDF Full Text Request