Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.

Slides:



Advertisements
Similar presentations
Why Eve & Mallory Love Android
Advertisements

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Enhancing Users’ Comprehension of Android Permissions Liu Yang, Nader Boushehrinejad, Pallab Roy, Vinod Ganapathy, Liviu Iftode Department of Computer.
6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,
Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
HOW TO ACT ONLINE Privacy Settings For Facebook, Twitter, LinkedIn and Google+
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Security Awareness: Applying Practical Security in Your World
ANDROID PROGRAMMING MODULE 1 – GETTING STARTED
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Android Security What is out there? Waqar Aziz. Android Market Share - I 2.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Presentation By Deepak Katta
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Introduction Our Topic: Mobile Security Why is mobile security important?
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.
Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.
Byron Alleman Will Galloway Jesse McCall. Permission Based Security Model Users can only use features for which their permissions grant them access Abstracts.
ESCCO Data Security Training David Dixon September 2014.
Permission Evolution in the Android Ecosystem Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos Department of Computer Science and Engineering.
App Rights or wrongs ? A look at smartphone apps or: why RTFM* is not just important for geeks and “computer types” * = Read The F+*#ing (or “Fine”) Manual.
PLUG IT IN 7 Protecting Your Information Assets. 1.How to Protect Your Assets: The Basics 2.Behavioral Actions to Protect Your Information Assets 3.Computer-Based.
Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.
GEOREMINDERS ANDROID APPLICATION BY: ADRIENNE KECK.
A multi-Criteria-based Evaluation of Android Application Andrea Saracino, G. Dini, F. Martinelli, I. Matteucci, M.Petrocchi, D. Sgandurra InTrust 2012.
1 Company Proprietary and ConfidentialThe document name can go here Android OS Security Omar Alaql July 8, 2013 Kent State University Android OS Security.
Android Security Auditing Slides and projects at samsclass.info.
Systems Software Operating Systems. What is software? Software is the term that we use for all the programs and data that we use with a computer system.
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.
Effects of Computing How have computers affected society?
ON THE SECURITY OF ANDROID COMMUNICATION APPS September 2015 By Shasi Pokharel Bachelor Of Information Technology (Honours) Supervisors: Dr. Raymond Choo,
What is it? CLOUD COMPUTING.  Connects to the cloud via the Internet  Does computing tasks, or  Runs applications, or  Stores Data THE AVERAGE CLOUD.
FireDroid: Hardening Security in Almost-Stock Android Presented By: Kenneth Siu.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
SMARTPHONE FORENSICS 101 General Overview of Smartphone Investigations.
Android Permissions Remystified: A Field Study on Contextual Integrity Presenter: Hongyang Zhao Primal Wijesekera (UBC) Arjun Baokar (UC Berkeley) Ashkan.
Cosc 4735 Permissions Asking for them in API 23+.
THREATS, VULNERABILITIES IN ANDROID OS BY DNYANADA PRAMOD ARJUNWADKAR AJINKYA THORVE Guided by, Prof. Shambhu Upadhyay.
Android and IOS Permissions Why are they here and what do they want from me?
What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Literature by S. Demetriou et al. Presented.
Google Apps for Education Account Overview for Staff.
KASPERSKY INTERNET SECURITY FOR ANDROID. YOUR MOBILE DEVICES NEED PROTECTION More online communications and transaction are happening on tablets and phones.
How to stay safe using the internet & App’s
Facebook privacy policy
IT Security Awareness Day October 19, 2016
How to stay safe using the internet and app’s?
More Security and Programming Language Work on SmartPhones
CS371m - Mobile Computing Runtime Permissions.
Understanding Android Security
Android System Security
APK Downloader
AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management Zhengyang Qu1, Guanyu Guo2, Zhengyue Shao2, Vaibhav Rastogi3,
OWASP CONSUMER TOP TEN SAFE WEB HABITS
What this activity will show you
Gregory LaFlash Patrick O’Loughlin
Presented by Hussein Almulla
COM Orientation The template can be used to create presentations for community, civic, advocacy and government relations groups. It is also appropriate.
Lesson 8 Operating Systems
CS371m - Mobile Computing Runtime Permissions.
Mobile App Advertisements
SOCIAL NETWORK 82% 60% 45% 26% 12% INSTAGRAM FACEBOOK TWITTER GOOGLE+
BACHELOR’S THESIS DEFENSE
Understanding Android Security
Multi-Factor Authentication
The basics of Social Science Research Lecture 3
To change the image on this slide, select the picture and delete it
Presentation transcript:

Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini

2 Overview Motivation Background Research Questions Literature Review Contributions RQ1: Permissions Removal RQ2: Storage Control Conclusions References

Motivation (1/2) Smartphones are becoming more and more common They are being used for more than just phone calls Online Shopping Banking Medical Records Tasks performed by “apps”. 3

Motivation (2/2) More sensitive information stored within the devices. If compromised, could put user or even corporations at risk. Banking statements User logins and passwords Text messages Android has 79.3% of the global smartphone market share ( Market-Share-Smartphone-Operating-System) Market-Share-Smartphone-Operating-System Google Play Store: apps ( million-apps-now-officially-largest_id45680) million-apps-now-officially-largest_id

Background Google Android Released in September 2008 Apps (APK File) Request permissions Internet, Contacts Data, Messages, etc. Defined within a manifest XML file contained within an app’s installation package. Apps can only be granted all their requested permissions No current method to deny resource access 5

Research Questions Research Question 1 (RQ1): How effective is permissions removal in enhancing user privacy on Android devices? Research Question 2 (RQ2): How effective is storage permissions in enhancing user privacy on Android devices? 6

Literature Review Android OS Changes Categorise permissions (Felt et al., 2012) Fine-Grained App Control Deny or allow a resource request as it occurs (Kern & Sametinger, 2012) Generally requires OS changes Mock/Shadow Data Send faked data to apps Mock location (MockDroid - Beresford et al., 2011) Permissions Removal No OS modifications required 7

RQ1: Permissions Removal (1/4) General Process: Decompile App Remove Permissions Recompile App 8

RQ1: Permissions Removal (2/4) Methodology 1.Select Social Networking Apps 2.Select Permissions to remove 3.Perform Permissions Removal (From previous slide) 4.Test for errors Selecting Permissions Vital to functions Harmfulness Feasible to remove 9

RQ1: Permissions Removal (3/4) Permissions to Remove: Read contacts One of the most requested Access fine location Should not be required Apps have been found to leak location information (Zhou et al., 2011) 10 Permission Facebook Twitter Instagram Tango Text Pinterest LinkedIn Tumblr ACCESS_FINE_LOCATION XXX ACCESS_NETWORK_STATE XX XXXX AUTHENTICATE_ACCOUNTS XX X XX CAMERA XXX GET_ACCOUNTS XX XXXX INTERNET XXXXXXX MANAGE_ACCOUNTS XX X XX READ_CONTACTS XXXX X X READ_PHONE_STATE X X X READ_SYNC_SETTINGS XX X XX VIBRATE XX X X WAKE_LOCK XXXXXXX WRITE_CONTACTS XX X X WRITE_EXTERNAL_STORAGE XXXXXXX WRITE_SYNC_SETTINGS XX X XX

RQ1: Permissions Removal (4/4) Results Access to location can be removed simply Access to contacts data cannot be removed easily Paper has been accepted by the 47th Hawaii International Conference on System Sciences (HICSS) (ERA A Rank conference) Limitations Key signing issues Manual removal Manual error checking Difficult to debug/code 11

RQ2: Storage Permissions (1/2) All apps are given access to non-protected storage locations. Security risk User documents, photos, downloads readable by all apps. Apps with write access can also write to all non- protected storage. Proposed Solution: Use Unix access rights/permissions to control access to storage folders. Design an app to help enforce and control these settings. 12

RQ2: Storage Permissions (2/2) Findings: Android External Storage Android defaults external storage to FAT32 file system FAT32 does not have Linux file permissions The external storage needs to be formatted to ext4 (Using root) Android Users Each Android app is given a user ID Android hardcodes user groups Current Results Folders can be restricted so that only one app can read or write to them. 13

Conclusions Android permissions removal is a viable method of improving user privacy, but requires more automation. The Android operating system itself needs to have finer grained control over what each permission allows. Android user groups is very limited and hardcoded. 14

References A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin & D. Wagner, “Android permissions: User attention, comprehension, and behavior”, SOUPS 2012, p. 3 M. Kern, & J. Sametinger, “Permission Tracking in Android”, UBICOMM 2012, pp AR. Beresford, A. Rice, N. Skehin & R. Sohan, “MockDroid: trading privacy for application functionality on smartphones”, HotMobile 2011, pp Y. Zhou, X. Zhang, X. Jiang & V. Freeh, “Taming information-stealing smartphone applications (on Android)”, TRUST 2011, pp

Questions 16

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.