Login | Register

Detecting Privacy Leaks Through Existing Android Frameworks


Detecting Privacy Leaks Through Existing Android Frameworks

Khanna, Parul (2017) Detecting Privacy Leaks Through Existing Android Frameworks. Masters thesis, Concordia University.

[thumbnail of Parul_Thesis_April23.pdf]
Text (application/pdf)
Parul_Thesis_April23.pdf - Accepted Version


The Android application ecosystem has thrived, with hundreds of thousands of applications (apps) available to users; however, not all of them are safe or privacy-friendly. Analyzing these many apps for malicious behaviors is an important but challenging area of research as malicious apps tend to use prevalent stealth techniques, e.g., encryption, code transformation, and other obfuscation approaches to bypass detection. Academic researchers and security companies have realized that the traditional signature-based and static analysis methods are inadequate to deal with this evolving
threat. In recent years, a number of static and dynamic code analysis proposals for analyzing Android apps have been introduced in academia and in the commercial world. Moreover, as a single detection approach may be ineffective against advanced obfuscation techniques, multiple frameworks for privacy leakage detection have been shown to yield better results when used in conjunction. In this dissertation, our contribution is two-fold. First, we organize 32 of the most recent and promising privacy-oriented proposals on Android apps analysis into two categories: static and dynamic analysis. For each category, we survey the state of-the-art proposals and provide a high-level overview of the methodology they rely on to detect privacy-sensitive leakages and app behaviors. Second, we choose one popular proposal from each category to analyze and detect leakages in 5,000 Android apps. Our toolchain setup consists of IntelliDroid (static) to find and trigger sensitive API (Application Program Interface) calls in target apps and leverages TaintDroid (dynamic) to detect leakages in these apps. We found that about 33%
of the tested apps leak privacy-sensitive information over the network (e.g., IMEI, location, UDID), which is consistent with existing work. Furthermore, we highlight the efficiency of combining IntelliDroid and TaintDroid in comparison with Android Monkey and TaintDroid as used in most prior work. We report an overall increase in the frequency of leakage of identifiers. This increase may indicate that IntelliDroid is a better approach over Android Monkey.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Khanna, Parul
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:18 April 2017
Thesis Supervisor(s):Mannan, Mohammad
ID Code:982501
Deposited By: PARUL KHANNA
Deposited On:09 Jun 2017 14:32
Last Modified:18 Jan 2018 17:55
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top