Title :
Blackdroid: A black-box way for Android plaintext and ciphertext privacy leaks detecting and guarding
Author :
Yan Zhang ; Yazhe Wang ; Dan Wang ; Qihui Zhou ; Ruoding Zhang
Author_Institution :
State Key Lab. of Inf. Security, Inst. of Inf. Eng., Beijing, China
Abstract :
Constantly emerging third-party apps bring huge convenience and enjoyment to Android users. However, vulnerabilities of Android´s own permission management mechanism allow apps to read user´s privacy data and send them outside without the user´s consent. In this paper, we provide Blackdroid, a light weight plaintext and ciphertext privacy leaks detecting and controlling solution for Android. Based on preset labels, Blackdroid tracks the flow of text privacy data in third-party apps via a black-box way, and drops the bad packages containing privacy if necessary. We tested 4428 popular apps from Chinese Android market Gfan using Blackdroid. Of the tested apps, 21.7% send out packages carrying sensitive contents. In performance experiments, we observed only 4.5% time overload gain in internet package sending out phase.
Keywords :
Android (operating system); data privacy; Blackdroid; Chinese Android market Gfan; black-box detection; ciphertext privacy leaks detection; dataflow tracing; permission management mechanism; plaintext privacy leaks detection; privacy guarding; third-party apps; user privacy data; Androids; Data privacy; Humanoid robots; Internet; Privacy; Security; Smart phones; Blackbox detecting; Data label; Dataflow tracing; Privacy guard;
Conference_Titel :
Consumer Electronics, Communications and Networks (CECNet), 2013 3rd International Conference on
Conference_Location :
Xianning
Print_ISBN :
978-1-4799-2859-0
DOI :
10.1109/CECNet.2013.6703301
