X-Decaf : Detection of Cache File Leaks in Android Social Apps

LI Hui; WANG Bin; ZHANG Wen; TANG Qi; ZHANG Yanli

doi:10.11999/JEIT160555

Volume 39 Issue 1

Jan. 2017

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2017 > 39(1): 66-74

LI Hui, WANG Bin, ZHANG Wen, TANG Qi, ZHANG Yanli. X-Decaf : Detection of Cache File Leaks in Android Social Apps[J]. Journal of Electronics & Information Technology, 2017, 39(1): 66-74. doi: 10.11999/JEIT160555

Citation:

LI Hui, WANG Bin, ZHANG Wen, TANG Qi, ZHANG Yanli. X-Decaf : Detection of Cache File Leaks in Android Social Apps[J]. Journal of Electronics & Information Technology, 2017, 39(1): 66-74. doi: 10.11999/JEIT160555

Citation:

PDF( 510 KB)

X-Decaf : Detection of Cache File Leaks in Android Social Apps

doi: 10.11999/JEIT160555

LI Hui¹,
WANG Bin^{1
,
,},
ZHANG Wen¹,
TANG Qi¹,
ZHANG Yanli¹

Funds:

The National Natural Science Foundation of China (61370195), ZTE Corporation and University Joint Research Project

Received Date: 2016-05-28
Rev Recd Date: 2016-10-12
Publish Date: 2017-01-19

Abstract

Abstract

Since social applications involve various types of information related to the user privacy, events of privacy leakage occur frequently along with their popular applications and few studies are available on the privacy leakage detection for social applications. With the combination of the characteristics of the Android system as well as the exploitation of the taint tracking technology and Xposed framework, a privacy leakage detection tool named X-Decaf (Xposed-based-detecting-cache-file) is proposed, which is oriented to social applications on Android platform. It suspects the leakage paths within the applications and detects the privacy datas cache files. This paper also presents a suggestion for the evaluation of the privacy leakage. Evaluation results of 50 kinds of Android social applications show that many vulnerabilities of user privacy leakage exist in the social applications on Android platform.
- Privacy leakage,
- Taint tracking,
- Cache file,
- Xposed,
- Android system

FullText(HTML)

References(16)

References

ZHANG Y, YANG M, YANG Z, et al. Permission use analysis for vetting undesirable behaviors in android apps[J]. IEEE Transactions on Information Forensics and Security, 2014, 9(11): 1828-1842. doi: 10.1109/TIFS.2014.2347206.

SHEBARO B, OLUWATIMI O, and BERTINO E. Context- based access control systems for mobile devices[J]. IEEE Transactions on Dependable and Secure Computing, 2015, 12(2): 150-163. doi: 10.1109/TDSC.2014.2320731.

NAUMAN M, KHAN S, OTHMAN A T, et al. Realization of a user-centric, privacy preserving permission framework for Android[J]. Security and Communication Networks, 2015, 8(3): 368-382. doi: 10.1002/sec.986.

WU L, DU X, and ZHANG H. An effective access control scheme for preventing permission leak in Android[C]. 2015 International Conference on Computing, Networking and Communications (ICNC), IEEE, Anaheim, CA, USA, 2015: 57-61. doi: 10.1109/ ICCNC.2015.7069315.

LU L, LI Z, WU Z, et al. Chex: Statically vetting android apps for component hijacking vulnerabilities[C]. Proceedings of the 2012 ACM Conference on Computer and Communications Security, North Carolina, USA, 2012: 229-240.

TAN J, DROLIA U, MARTINS R, et al. Short paper: Chips: Content-based heuristics for improving photo privacy for smartphones[C]. Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless Mobile Networks. Oxford, UK, 2014: 213-218. doi: 10.1145/2627393.2627394.

NAVEED M, ZHOU X, DEMETRIOU S, et al. Inside job: Understanding and mitigating the threat of external device mis-binding on Android[C]. Network and Distributed System Security Symposium, San Diego, California, USA, 2014. doi: 10.14722/ndss.2014.23097.

RAHMAN M, BALLESTEROS J, CARBUNAR B, et al. Toward preserving privacy and functionality in geosocial networks[C]. Proceedings of the 19th ACM Annual International Conference on Mobile Computing Networking, Miami, Florida, USA, 2013: 207-210.

FAWAZ K, FENG H, and SHIN K G. Anatomization and protection of mobile apps location privacy threats[C]. 24th USENIX Security Symposium (USENIX Security 15). Washington, D.C., USA, 2015: 753-768.

YAN L, GUO Y, and CHEN X. SplitDroid: isolated execution of sensitive components for mobile applications[C]. International Conference on Security and Privacy in Communication Systems. Springer International Publishing, Dallas, TX, USA, 2015: 78-96.

TRIPP O and RUBIN J. A Bayesian approach to privacy enforcement in smartphones[C]. 23rd USENIX Security Symposium (USENIX Security 14). California, USA, 2014: 175-190.

ENCK W, GILBERT P, HAN S, et al. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones[J]. ACM Transactions on Computer Systems (TOCS), 2014, 32(2): 5. doi: 10.1145/ 2619091.

HSIAO S W, HUNG S H, CHIEN R, et al. PasDroid: real- time security enhancement for Android[C]. 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Birmingham, UK, 2014: 229-235.

BAL G, KAI R, and HONG J I. Styx: Privacy risk communication for the Android smartphone platform based on apps' data-access behavior patterns[J]. Computers Security, 2015, 53: 187-202.

CUI X, YU D, CHAN P, et al. Cochecker: Detecting capability and sensitive data leaks from component chains in android[C]. Information Security and Privacy. Springer International Publishing, Wollongong, NSW, Australia, 2014: 446-453.

ZHANG M and YIN H. Efficient, context-aware privacy leakage confinement for android applications without firmware modding[C]. Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. Kyoto, Japan, 2014: 259-270.

Relative Articles

Supplements(0)

Cited By

Proportional views