Contextual Integrity Based Android Privacy Data Protection System

Fan WU  He LI  Wenhao FAN  Bihua TANG  Yuanan LIU  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, Vol.E103-A, No.7, pp.906-916
Publication Date: 2020/07/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.2019EAP1128
Type of Manuscript: PAPER
Category: Cryptography and Information Security
Keywords: terminal security, access control, privacy protection, mobile applications, contextual integrity

Android holds a very large share of the mobile device market, and large numbers of applications are created every day for users to install and use. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals, and the current permission model cannot effectively prevent leakage of privacy data. In this paper, we protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suited to the Android platform and design a privacy protection system based on the model. The system consists of an online phase and an offline phase: the main function of the online phase is to compute the value of the distribution norm and make privacy decisions, while the main function of the offline phase is to create a classification model that can calculate the value of the appropriateness norm. We build the system and verify its feasibility using 6 million permission request records along with 2.3 million runtime contextual records collected by dynamic analysis. Experiments show that the accuracy of the offline classifier reaches up to 0.94. The experiment on overall system feasibility shows that 70% of location data requests, 84% of phone data requests, and 46% of storage requests, among others, violate contextual integrity.