Contextual Integrity Based Android Privacy Data Protection System
Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2020/07/01
Online ISSN: 1745-1337
Type of Manuscript: PAPER
Category: Cryptography and Information Security
Keywords: terminal security, access control, privacy protection, mobile applications, contextual integrity
Android occupies a very large market share in the field of mobile devices, and large numbers of applications are created every day for users to easily use. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. The current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suited to the Android platform and design a privacy protection system based on the model. The system consists of an online phase and an offline phase; the main function of the online phase is to compute the value of the distribution norm and make privacy decisions, while the main function of the offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on 6 million permission request records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiments show that the accuracy of the offline classifier reaches up to 0.94. The experiment on overall system feasibility illustrates that 70% of location data requests, 84% of phone data requests, 46% of storage requests, etc., violate contextual integrity.