Comparing Mobile Privacy Protection through Cross-Platform Applications

20th Annual Network and Distributed System Security Symposium, NDSS 2013

Volumn , Issue , 2013, Pages

  Han, Jin ^a   Yan, Qiang ^b   Gao, Debin ^b   Zhou, Jianying ^a   Deng, Robert ^b  

^a INSTITUTE FOR INFOCOMM RESEARCH   (Singapore)

^b SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); APPLICATION PROGRAMMING INTERFACES (API); MOBILE SECURITY;

'CURRENT; ANDROID APPLICATIONS; CROSS PLATFORM APPLICATIONS; DEVICE ID; MOBILE MARKETS; MOBILE PLATFORM; PRIVACY PROTECTION; RAPID GROWTH; RESEARCH COMMUNITIES; THIRD PARTY APPLICATION (APPS);

LIBRARIES;

EID: 85180417656     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (43)

1. “Trend Micro: Android much less secure than iPhone, ” electronista News, January 2011. http://www.electronista.com/articles/11/01/11/trend.micro.warns. android.inherently.vulnerable/.
2. “Why Android App Security Is Better Than for the iPhone, ” PCWorld News. August 2010. http://www.pcworld.com/businesscenter/article/202758/why_android_app_security_is_better_than_for_the_iphone.html.
3. “Android, iPhone security different but matched, ” c-NET News, July 2010. http://news.cnet.com/8301-27080_3-20009362-245.html.
4. “Smartphone Security Smackdown: iPhone vs. Android, ” InformationWeek, July 2011. http://www.informationweek.com/news/security/mobile/231000953.
5. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified, ” in Proceedings of the 18th ACM conference on Computer and communications security, 2011, pp. 627-638.
6. C. Sorrel, “Apple Approves, Pulls Flashlight App with Hidden Tethering Mode, ” Wired. July, 2010. http://www.wired.com/gadgetlab/2010/07/apple-approvespulls-flashlight-app-with-hidden-tethering-mode.
7. H. Lockheimer, “Android and Security, ” Google Mobile Blog, Feb 02, 2012. http://googlemobile.blogspot.com/2012/02/android-and-security.html.
8. A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, “Android permissions: User attention, comprehension, and behavior, ” in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), 2012.
9. Android API level 14, Manifest.permission, http://developer.android.com/reference/android/Manifest.permission.html.
10. “Apple, Entitlement Key Reference, ” http://developer.apple.com/library/mac/#documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html.
11. G. Paller, Dedexer, http://dedexer.sourceforge.net/.
12. M. Weiser, “Program slicing, ” in Proceedings of the 5th international conference on Software engineering, 1981.
13. J. Sawin and A. Rountev, “Improving static resolution of dynamic class loading in java using dynamically gathered environment information, ” Automated Software Engineering, vol. 16, pp. 357-381, June 2009.
14. “IDApro, a multi-processor disassembler and debugger, ” Hex-Rays, http://www.hex-rays.com/products/ida/index.shtml.
15. Nemo, “The Objective-C Runtime: Understanding and Abusing, ” phrack, Volume 4, Issue 66, http://www.phrack.org/issues.html?issue=66&id=4.
16. M. Egele, C. Kruegel, E. Kirda, and G. Vigna, “PiOS: Detecting Privacy Leaks in iOS Applications, ” in Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2011.
17. XE Currency on iOS: http://itunes.apple.com/app/xe-currency/id315241195, XE Currency on Android: https://play.google.com/store/apps/details?id=com.xe.currency.
18. Words With Friends Free, iOS version: http://itunes.apple.com/app/words-with-friends-free/id321916506, Android version: https://play.google.com/store/apps/details?id=com.zynga.words.
19. AdWhirl Developer's Resources, https://www.adwhirl.com/home/dev.
20. Flurry Product Updates, http://blog.flurry.com/updates/bid/33715/New-Flurry-SDK-Available-for-iPhone-OS-4-0-iOS.
21. A. Lineberry, D. L. Richardson, and T. Wyatt, These Are Not the Permissions You Are Looking For, Def Con 18 Hacking Conference, 2010.
22. H. Shacham, “The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86), ” in Proceedings of the 14th ACM conference on Computer and communications security, 2007, pp. 552-561.
23. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks on android, ” in Proceedings of the 13th international conference on Information security, 2011, pp. 346-360.
24. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, “Permission re-delegation: attacks and defenses, ” in Proceedings of the 20th USENIX conference on Security, 2011.
25. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, “Towards taming privilege-escalation attacks on android, ” in 19th Annual Network & Distributed System Security Symposium, Feb 2012.
26. W. Enck, M. Ongtang, and P. McDaniel, “Understanding android security, ” IEEE Security and Privacy, 2009.
27. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of android application security, ” in Proceedings of the 20th USENIX Security Symposium, 2011.
28. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, “Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets, ” in 19th Annual Network & Distributed System Security Symposium (NDSS), Feb 2012.
29. L.-K. Yan and H. Yin, “Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis, ” in Proceedings of the 21st USENIX Security Symposium, 2012.
30. D. Barrera, H. G. u. c. Kayacik, P. C. van Oorschot, and A. Somayaji, “A methodology for empirical analysis of permission-based security models and its application to android, ” in Proceedings of the 17th ACM conference on Computer and communications security, 2010, pp. 73-84.
31. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically rich application-centric security in android, ” in Proceedings of the Annual Computer Security Applications Conference, 2009, pp. 340-349.
32. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, “These aren't the droids you're looking for: retrofitting android to protect data from imperious applications, ” in Proceedings of the 18th ACM conference on computer and communications security, 2011, pp. 639-652.
33. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock android smartphones, ” in 19th Annual Network & Distributed System Security Symposium, Feb 2012.
34. R. Xu, H. Saidi, and R. Anderson, “Aurasium: Practical policy enforcement for android applications, ” in Proceedings of the 21st USENIX Security Symposium, 2012.
35. S. Shekhar, M. Dietz, and D. S. Wallach, “Adsplit: Separating smartphone advertising from applications, ” in Proceedings of the 21st USENIX Security Symposium, 2012.
36. P. Pearce, A. P. Felt, G. Nunez, and D. Wagner, “Addroid: Privilege separation for applications and advertisers in android, ” in Proceedings of 7th ACM Symposium on Information, Computer and Communications Security, 2012.
37. T. Vidas, N. Christin, and L. Cranor., “Curbing Android permission creep, ” in Proceedings of the Web 2.0 Security and Privacy 2011 workshop, May 2011.
38. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones, ” in Proceedings of the 9th USENIX conference on operating systems design and implementation, 2010.
39. A. P. Fuchs, A. Chaudhuri, and J. S. Foster, “Scandroid: Automated security certification of android applications.” University of Maryland, Tech. Rep., 2009.
40. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, “Analyzing inter-application communication in android, ” in Proceedings of the 9th international conference on Mobile systems, applications, and services, 2011, pp. 239-252.
41. N. Seriot, “iPhone Privacy, ” BlackHat Technical Security Conference DC, 2010, http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf.
42. G. Salton, A. Wong, and C. S. Yang, “A vector space model for automatic indexing, ” Communications of the ACM, vol. 18, pp. 613-620, November 1975.
43. V. Levenshtein, “Binary Codes Capable of Correcting Deletions, Insertions and Reversals, ” Soviet Physics Doklady, vol. 10, p. 707, 1966.