Volume 39 Issue 1
Jan.  2017
LI Hui, WANG Bin, ZHANG Wen, TANG Qi, ZHANG Yanli. X-Decaf : Detection of Cache File Leaks in Android Social Apps[J]. Journal of Electronics & Information Technology, 2017, 39(1): 66-74. doi: 10.11999/JEIT160555

X-Decaf : Detection of Cache File Leaks in Android Social Apps

doi: 10.11999/JEIT160555
Funds:

The National Natural Science Foundation of China (61370195), ZTE Corporation and University Joint Research Project

  • Received Date: 2016-05-28
  • Rev Recd Date: 2016-10-12
  • Publish Date: 2017-01-19
  • Social applications handle many types of information related to user privacy, and as they have grown popular, privacy leakage incidents have become frequent, yet few studies address privacy leakage detection for social applications. Drawing on the characteristics of the Android system and using taint tracking technology and the Xposed framework, this paper proposes X-Decaf (Xposed-based-detecting-cache-file), a privacy leakage detection tool oriented to social applications on the Android platform. It identifies suspected leakage paths within the applications and detects cache files that hold private data. The paper also presents a suggestion for the evaluation of privacy leakage. Evaluation results for 50 Android social applications show that many user privacy leakage vulnerabilities exist in social applications on the Android platform.