Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting
Download: Paper (PDF)
Date: 8 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
Serious concerns have been raised about stealthy disclosures of private user data in smartphone apps, and recent research efforts in mobile security have studied various types of detection of privacy disclosures. However, existing approaches are not effective in informing users and security analysts about potential privacy leakage threats. This is because these methods largely fail to: 1) provide highly accurate and inclusive detection of privacy disclosures; 2) filter out the legitimate privacy disclosures that usually dominate the detection results and in turn obscure the true threats. In this paper, we propose AAPL, an automated system that detects privacy leaks (i.e., truly suspicious privacy disclosures) in Android apps. AAPL is based on multiple special static analysis techniques that we’ve developed for Android apps, including conditional flow identification and joint flow tracking. Furthermore, AAPL employs a new approach called peer voting to filter out most of the legitimate privacy disclosures from the results, purifying the detection results for automatic and easy interpretation. We implemented AAPL and evaluated it over 40,456 apps. The results show that, on average, AAPL achieves an accuracy of 88.68%. For particular disclosures, e.g., contacts, the accuracy is up to 94.64%. Using AAPL, we successfully revealed a collection of apps that cause privacy leaks. The throughput of our privacy disclosure analysis module is 4.5 apps per minute on a three- machine cluster.