ProtectMyPrivacy: Detecting and mitigating privacy leaks on iOS devices using crowdsourcing

MobiSys 2013 - Proceedings of the 11th Annual International Conference on Mobile Systems, Applications, and Services

Volumn , Issue , 2013, Pages 97-109

  Agarwal, Yuvraj ^a   Hall, Malcolm ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Apple iOS; Crowdsourcing; Mobile Apps; Privacy; Recommendations

Indexed keywords

APPLE IOS; CROWDSOURCING; DESIGN AND IMPLEMENTATIONS; MOBILE APPS; MUSIC LIBRARY; PRIVATE DATA; PROTECTION SETTINGS; RECOMMENDATIONS;

DATA PRIVACY; DIGITAL STORAGE; ENGINES;

RECOMMENDER SYSTEMS;

EID: 84881124452     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2462456.2464460     Document Type: Conference Paper

References (31)

1. D. Barrera, H. Kayacik, P. van Oorschot, and A. Somayaji. A Methodology for Empirical Analysis of Permission-based Security Models and its Application to Android. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pages 73-84. ACM, 2010.
2. M. Bellare, T. Ristenpart, P. Rogaway, and T. Stegers. Format-preserving Encryption. In Selected Areas in Cryptography, pages 295-312. Springer, 2009.
3. A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. MockDroid: Trading Privacy for Application Functionality on Smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (HotMobile), 2011.
4. M. Böhmer, B. Hecht, J. Schöning, A. Krüger, and G. Gernot Bauer. Falling Asleep with Angry Birds, Facebook and Kindle: A Large Scale Study on Mobile Application Usage. In Proceedings of the International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), 2011.
5. A. Chaudhuri. Language-based Security on Android. In Proceedings of the ACM SIGPLAN fourth workshop on Programming Languages and Analysis for Security (PLAS), pages 1-7. ACM, 2009.
6. M. Egele, C. Kruegely, E. Kirdaz, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium(NDSS), 2011.
7. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX conference on Operating Systems Design and Implementation (OSDI), 2010.
8. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A Study of Android Application Security. In Proceedings of the 20th USENIX Security Symposium, 2011.
9. W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM conference on Computer and Communications Security (CCS), 2009.
10. A. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android Permissions Demystified. In Proceedings of the 18th ACM conference on Computer and communications security, pages 627-638. ACM, 2011.
11. A. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android Permissions: User Attention, Comprehension, and Behavior. Technical report, University of California, Berkeley, 2012.
12. J. Freeman. Mobile Substrate. http://iphonedevwiki.net/index.php/ MobileSubstrate.
13. A. P. Fuchs, A. Chaudhuri, and J. S. Foster. SCanDroid: Automated security certification of Android applications. Manuscript, Univ. of Maryland, http://www.cs.umd.edu/~avik/projects/scandroidascaa, 2009.
14. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These Aren't the Droids you're Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the 18th ACM conference on Computer and Communications Security (CCS), pages 639-652. ACM, 2011.
15. Ian Shapira, The Washington Post. Once the Hobby of Tech Geeks, iPhone Jailbreaking now a Lucrative Industry, 2011.
16. J. Jeon, K. Micinski, J. Vaughan, N. Reddy, Y. Zhu, J. Foster, and T. Millstein. Dr. Android and Mr. Hide: Fine-grained Security Policies on Unmodified Android. Technical report, University of Maryland, 2011.
17. J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and Purpose: Understanding Users Mental Models of Mobile App Privacy Through Crowdsourcing. In Proceedings of the 14th ACM International Conference on Ubiquitous Computing (Ubicomp), 2012.
18. W. Mackay. Patterns of Sharing Customizable Software. In Proceedings of the 1990 ACM conference on Computer-supported cooperative work, pages 209-221. ACM, 1990.
19. MobiStealth. http://www.mobistealth.com/.
20. M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (CCS), pages 328-332. ACM, 2010.
21. Protect My Privacy (PmP). iOS Privacy App. http://www.protectmyprivacy. org.
22. N. Seriot. iPhone Privacy. In Black Hat DC, 2010.
23. E. Smith. iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs). Technical report, Technical Report, 2010.
24. The Next Web. Popular Jailbreak Software Cydia hits 14m Monthly Users on iOS 6, 23m on All Devices, March 2013.
25. S. Thurm and Y. Kane. The Journal's Cellphone Testing Methodology. The Wall Street Journal, 2010.
26. S. Thurm and Y. Kane. Your Apps Are Watching You. The Wall Street Journal, 2010.
27. N. Y. Times. Mobile Apps Take Data Without Permission. http://bits.blogs.nytimes.com/2012/02/15/google-and-mobile-apps-take-data-books- without-permission/.
28. M. T. Vennon. Android Malware: Spyware in the Android Market. Technical report, SMobile Systems, 2010.
29. T. Vennon. Android Malware. A Study of Known and Potential Malware Threats. Technical report, SMobile Global Threat Center, 2010.
30. XEUDOXUS. Privacy Blocker and Inspector. http://privacytools.xeudoxus. com/.
31. Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming Information-Stealing Smartphone Applications (on Android). Trust and Trustworthy Computing (TRUST), pages 93-107, 2011.