ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems

ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems. In Proc. of ACM MobiSys 2016. David Choffnes, Northeastern University; Jingjing Ren, Northeastern University; Ashwin Rao, University of Helsinki; Martina Lindorfer, Vienna Univ. of Technology; Arnaud Legout, INRIA Sophia-Antipolis

What is PII? Device identifiers (IMEI, MAC address, etc.), user identifiers (name, gender, etc.), contact information (address book, etc.), location (GPS, zip code), credentials (username, password)

Where is all your PII stored?

How severe are PII leaks today? We manually tested the 100 most popular apps from each official app store

Our solution: ReCon, a system that uses supervised ML to accurately identify and control PII leaks from network traffic, with crowdsourced reinforcement (user feedback on detected leaks)

Why use ML? Pattern matching such as "user=legout" yields many false positives and false negatives, because context matters
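To make the false-positive/false-negative problem concrete, here is an added example (not ReCon's code and not data from the study): two hand-written matchers are run over constructed request lines for an invented user, and their errors are counted against hand-written ground truth. The PII values, paths and parameter names are all assumptions made up for the example.

```python
import re
from urllib.parse import unquote

# Constructed PII for one hypothetical user (not from the paper).
PII = {
    "username": "legout",
    "password": "jf3jNF#5h",
    "zipcode": "02115",
}

# Constructed request lines (not captured traffic) and what each really leaks.
REQUESTS = {
    "leak":         "GET /index.html?id=12340;foo=bar;name=legout;pass=jf3jNF#5h",
    "no_leak":      "GET /ads/click?campaign=88021159&slot=3",   # zip digits inside an unrelated id
    "encoded_leak": "GET /login?u=legout&p=jf3jNF%235h",         # '#' percent-encoded as %23
    "custom_sep":   "GET /track?d=legout|02115&v=2",             # two PII values packed in one field
}
TRUTH = {
    "leak": {"username", "password"},
    "no_leak": set(),
    "encoded_leak": {"username", "password"},
    "custom_sep": {"username", "zipcode"},
}


def naive_value_match(request, pii=PII):
    """Raw substring search for each PII value: the pattern-matching baseline."""
    return {kind for kind, value in pii.items() if value in request}


def keyed_value_match(request, pii=PII):
    """Decode, split into key=value fields, and require an exact value match.
    Fixes the substring and encoding errors above but needs the delimiters
    to be the ones it was written for."""
    values = set()
    for field in re.split(r"[?;&]", unquote(request)):
        if "=" in field:
            _, value = field.split("=", 1)
            values.add(value)
    return {kind for kind, value in pii.items() if value in values}


def evaluate(detector, requests=REQUESTS, truth=TRUTH):
    """Return (false positives, false negatives) of a detector over the corpus."""
    fp = fn = 0
    for name, request in requests.items():
        found = detector(request)
        fp += len(found - truth[name])
        fn += len(truth[name] - found)
    return fp, fn


if __name__ == "__main__":
    for detector in (naive_value_match, keyed_value_match):
        print(detector.__name__, "FP/FN:", evaluate(detector))
```

The naive matcher flags the ad campaign id as a zip-code leak (a false positive) and misses the percent-encoded password (a false negative); the keyed matcher fixes both but silently misses the `legout|02115` field because its delimiter rules do not cover it. Each hand rule trades one error class for another, which is why ReCon learns the relevant context per domain instead of hard-coding it.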

Manual test: top 100 apps from each official store. Automatic test: top 850 Android apps from a third-party store

Feature extraction: bag of words over the request, e.g. GET /index.html?id=12340;foo=bar;name=legout;pass=jf3jNF#5h. Thresholds remove words that are too infrequent or too frequent

Ground truth comes from the controlled experiments. Classifier: C4.5 decision tree; we evaluated many classifiers, and it is the best trade-off between accuracy and speed. One classifier per domain and per OS: faster and more accurate, because the context depends on the domain and the OS
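The following added example (not ReCon's code, and with constructed rather than collected flows) illustrates both the feature-extraction slide and the per-domain classifier slide: it tokenizes request lines into a bag of words, drops words that fall below a minimum document frequency or above a maximum frequency ratio, groups the resulting binary vectors per (domain, OS), and then picks the single word with the highest information gain, which is the kind of decision a C4.5-style tree makes at its root (C4.5 itself uses gain ratio and grows a full tree). The domains, request lines, labels and threshold values are assumptions for the example.

```python
import re
from collections import Counter, defaultdict, namedtuple
from math import log2

# Constructed, hand-labelled training flows (not data from the ReCon study):
# (destination domain, OS, request line, does it leak PII?).
FLOWS = [
    ("ads.example.com", "android", "GET /index.html?id=12340;foo=bar;name=legout;pass=jf3jNF#5h", True),
    ("ads.example.com", "android", "GET /index.html?id=55512;foo=bar;name=alice;pass=s3cret!", True),
    ("ads.example.com", "android", "GET /index.html?id=77001;foo=bar", False),
    ("ads.example.com", "android", "GET /index.html?id=31337;foo=baz;v=2", False),
    ("cdn.example.net", "ios", "GET /img?name=logo.png&cache=1", False),
    ("cdn.example.net", "ios", "GET /img?name=banner.png&cache=1", False),
    ("cdn.example.net", "ios", "GET /img?name=avatar.png&cache=0", False),
    ("cdn.example.net", "ios", "POST /collect?uid=a1b2c3&name=legout&cache=0", True),
]

# Characters that separate words in a request line. Key/value structure is
# deliberately thrown away: that is what makes this a bag of words.
DELIMS = re.compile(r'[\s?&;=/,:+"{}\[\]]+')

Dataset = namedtuple("Dataset", "vocab X y")


def tokenize(request):
    """Split a request line into words on the delimiter set above."""
    return [tok for tok in DELIMS.split(request) if tok]


def build_vocabulary(requests, min_df, max_df_ratio):
    """Keep words seen in at least min_df requests and in at most max_df_ratio
    of them: singletons (random ids, secrets) do not generalise, and words
    present in nearly every request (method, path) carry no signal."""
    df = Counter()
    for request in requests:
        df.update(set(tokenize(request)))  # count each word once per request
    n = len(requests)
    return sorted(w for w, c in df.items() if c >= min_df and c / n <= max_df_ratio)


def vectorize(request, vocab):
    """Binary presence vector over the vocabulary."""
    words = set(tokenize(request))
    return [1 if w in words else 0 for w in vocab]


def build_datasets(flows, min_df=2, max_df_ratio=0.75):
    """One (vocabulary, feature matrix, labels) triple per (domain, OS),
    mirroring the per-domain, per-OS classifiers."""
    groups = defaultdict(list)
    for domain, os_name, request, leaks in flows:
        groups[(domain, os_name)].append((request, leaks))
    datasets = {}
    for key, items in groups.items():
        vocab = build_vocabulary([r for r, _ in items], min_df, max_df_ratio)
        X = [vectorize(r, vocab) for r, _ in items]
        y = [int(leaks) for _, leaks in items]
        datasets[key] = Dataset(vocab, X, y)
    return datasets


def entropy(labels):
    """Shannon entropy (bits) of a list of 0/1 labels."""
    n = len(labels)
    if n == 0:
        return 0.0
    p = sum(labels) / n
    if p in (0.0, 1.0):
        return 0.0
    return -(p * log2(p) + (1 - p) * log2(1 - p))


def best_root_split(dataset):
    """Word whose presence yields the largest information gain on the labels:
    the first test a decision tree would choose for this (domain, OS)."""
    base = entropy(dataset.y)
    n = len(dataset.y)
    best_word, best_gain = None, -1.0
    for j, word in enumerate(dataset.vocab):
        present = [label for x, label in zip(dataset.X, dataset.y) if x[j]]
        absent = [label for x, label in zip(dataset.X, dataset.y) if not x[j]]
        gain = base - (len(present) / n * entropy(present) + len(absent) / n * entropy(absent))
        if gain > best_gain:
            best_word, best_gain = word, gain
    return best_word


if __name__ == "__main__":
    for key, ds in build_datasets(FLOWS).items():
        print(key, "vocab:", ds.vocab, "root split:", best_root_split(ds))
```

Run on the constructed flows, the ad domain keeps `name` and `pass` and splits on `name`, while on the CDN domain `name` appears in every request (as an image filename) and is pruned as too frequent, so the root split lands on a different word. That is the "context depends on the domain" argument in miniature: the same parameter name is the leak indicator for one server and noise for another, which a single global classifier would have to reconcile.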

Does it work? Three experimental validations

10-fold cross-validation: 2.2% false positives, 3.5% false negatives

ReCon vs. static and dynamic analysis: after retraining, ReCon also finds the leaks it had initially missed

ReCon in the wild: 239 users in March 2016 (IRB approved), 137 iOS and 108 Android devices. 14,101 PII leaks found, 6,747 of them confirmed by users

ReCon in the wild: the retraining phase is important. False positives decreased by 92%, false negatives increased by 0.5%

ReCon in the wild: 21 apps exposing passwords in plaintext, some used by millions (e.g., Match, Epocrates). Responsibly disclosed; 13 have fixed the problem

ReCon: Revealing and Controlling PII Leaks in Mobile Network Systems. Sign up: http://recon.meddle.mobi