Visible to the public SweetDroid: Toward a Context-Sensitive Privacy Policy Enforcement Framework for Android OS

TitleSweetDroid: Toward a Context-Sensitive Privacy Policy Enforcement Framework for Android OS
Publication TypeConference Paper
Year of Publication2017
AuthorsChen, Xin, Huang, Heqing, Zhu, Sencun, Li, Qing, Guan, Quanlong
Conference NameProceedings of the 2017 on Workshop on Privacy in the Electronic Society
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5175-1
KeywordsAccess Control, Android OS, Human Behavior, Permission, policy, privacy, Privacy Policies, privacy policy, pubcrawl, Scalability

Android privacy control is an important but difficult problem to solve. Previously, there was much research effort either focusing on extending the Android permission model with better policies or modifying the Android framework for fine-grained access control. In this work, we take an integral approach by designing and implementing SweetDroid, a calling-context-sensitive privacy policy enforcement framework. SweetDroid combines automated policy generation with automated policy enforcement. The automatically generated policies in SweetDroid are based on the calling contexts of privacy sensitive APIs; hence, SweetDroid is able to tell whether a particular API (e.g., getLastKnownLocation) under a certain execution path is leaking private information. The policy enforcement in SweetDroid is also fine-grained - it is at the individual API level, not at the permission level. We implement and evaluate the system based on thousands of Android apps, including those from a third-party market and malicious apps from VirusTotal. Our experiment results show that SweetDroid can successfully distinguish and enforce different privacy policies based on calling contexts, and the current design is both developer hassle-free and user transparent. SweetDroid is also efficient because it only introduces small storage and computational overhead.

Citation Keychen_sweetdroid:_2017