Check Points against Privacy Breaches in Android Applications

摘要

The risk of privacy breaches by malicious programs has been increasing, and these programs have used more elaborate techniques to circumvent detection. Attacks using a collaboration of applications are especially difficult to find since distinct applications obtain privacy-sensitive data and send the data to the outside. Current mobile platforms have a security enforcement mechanism based on a sandbox to prevent direct data sharing between applications. Furthermore, several schemes have been proposed to improve the security against the attacks caused by two or more applications that communicate with each other. However, these schemes cannot monitor all the possible data-sharing methods. A security analysis that covers a wider range of possible data-sharing methods between applications is required for protecting leakage of privacy-sensitive information. In this paper, we present a detailed manual analysis regarding a wider range of possible methods for sharing data in the Android OS, and show how to detect actual privacy breaches using existing frameworks. Our analysis contributes to the enhancement for the security of the Android OS.