CenterYou: Android privacy made easier the Cloud Way
Article Sidebar
Main Article Content
Abstract
The Smartphone industry has expanded significantly over the last few years. According to the available data, each year, a marked increase in the number of devices in use is observed. Most consumers opt for Smartphones due to the extensive number of software applications that can be downloaded on their devices, thus increasing their functionality. However, this growing trend of application installation brings an issue of user protection, as most applications seek permissions to access data on a user’s device. The risks this poses to sensitive data are real to both corporate and individual users. While Android has grown in popularity, this trend has not been followed by the efforts to increase the security of its users. This is a well-known set of problems, and prior solutions have approached it from the ground up; that is, they have focused on implementing reasonable security policies within Android’s open-source kernel. While these solutions have achieved the goals of improving Android with such security policies, they are severely hampered by the way in which they have been implemented them. In this work, a framework referred to as CenterYou is proposed to overcome these issues. It applies pseudo data technique and cloud-based decision-making system to scan and protect Smartphone devices from unnecessarily requested permissions by installed applications and identifies potential privacy leakages. The current paper demonstrated all aspects of the CenterYou application technical design. The work presented here provides a significant contribution to the field, as the technique based on pseudo data is used in the actual permissions administration of Android applications. Moreover, this system is user and cloud-driven, rather than being governed by over-privileged applications.
Downloads
Article Details
Copyright (c) 2022 Safavi S, et al.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Safavi S, Shukur Z. Conceptual privacy framework for health information on wearable device. PLoS One. 2014 Dec 5;9(12):e114306. doi: 10.1371/journal.pone.0114306. PMID: 25478915; PMCID: PMC4257553.
Airoldi EM, Blei DM, Fienberg SE. Xing EP. Mixed membership stochastic blockmodels. Advances in Neural Information Processing Systems. 33-40.
Ashbrook D. Starner T. Using GPS to learn significant locations and predict movement across multiple users. Personal and Ubiquitous Computing. 2003; 7(5):275-286.
Ghosh D, Joshi A, Finin T. Jagtap P. Privacy control in smart phones using semantically rich reasoning and context modeling. Security and Privacy Workshops (SPW). 2012; 82-85.
Boysen K. "Jawbone with MotionX technology." 2013; http://content.jawbone.com/static/www/pdf/press-releases/up-press-release-110311.pdf.
Wade R. Veneroso F. The Asian crisis: the high debt model versus the Wall Street-Treasury-IMF complex. New Left Review: 1998; 3-24.
Safavi S. Shukur Z. Improving Google glass security and privacy by changing the physical and software structure. Life Science Journa. 2014; 11(5).
Mulliner CR. Security of smart phones, UNIVERSITY OF CALIFORNIA Santa Barbara. Doctoral dissertation. 2006.
Google. "Android reference developers guide." 2012; http://developer.android.com/guide/index.html.
Google.com. "Android security reference." 2012; http://source.android.com/tech/security
Jesse B. "Android security reference." 2012; http://www.blackhat.com/presentations/bh-usa-09/BURNS/BHUSA09-Burns-AndroidSurgery-PAPER.pdf.
Lunden I. "Tablets are eating into smartphones share of mobile content usage while android remains in lead overall finds jumptap." 2013; http://techcrunch.com/2013/03/05/tablets-are-eating-into-smartphones-share-of-mobile-content-usage-while-android-remains-in-lead-overall-finds-jumptap/
CNET. "Android snags record 81 percent of smartphone market." 2013; http://news.cnet.com/8301-1035_3-57610229-94/android-snags-record-81-percent-of-smartphone-market.
Felt AP, Finifter M, Chin E, Hanna S. Wagner DA. survey of mobile malware in the wild. Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices. 3-14.
Grace MC, Zhou W, Jiang X. Sadeghi AR. Unsafe exposure analysis of mobile in-app advertisements. Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. 101-112.
Zhou Y, Wang Z, Zhou W, Jiang X. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. NDSS Journal. 2012.
Zhou Y, Jiang X. Dissecting android malware: Characterization and evolution. Security and Privacy (SP). 2012; 95-109.
Lineberry A, DLR, Wyatt T. These aren’t the permissions you’re looking for. 2010.
Cai L, Chen H. TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion. HotSec.
Chin E, Felt AP, Greenwood K, Wagner D. Analyzing inter-application communication in Android. Proceedings of the 9th international conference on Mobile systems, applications, and services. 239-252.
Xu Z, Bai K, Zhu S. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM. 113-124.
Smith C. "Privacy flaw in skype android app exposed." 2012; http://www.t3.com/news/privacy-flaw-inskype-android-app-exposed/.
Davi L, Dmitrienko A, Sadeghi AR, Winandy M. Privilege escalation attacks on android. Information Security. 2011; 346-360.
Schlegel R, Zhang K, Zhou Xy, Intwala M, Kapadia A, Wang X. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. NDSS. 11: 17-33.
Marforio C, Ritzdorf H, Francillon A, Capkun S. Analysis of the communication between colluding applications on modern smartphones. Proceedings of the 28th Annual Computer Security Applications Conference. 51-60.
Wei X, Gomez L, Neamtiu I, Faloutsos M. ProfileDroid: multi-layer profiling of android applications. Proceedings of the 18th annual international conference on Mobile computing and networking. 137-148.
Mahmood R, Esfahani N, Kacem T, Mirzaei N, Malek S, Stavrou A. A whitebox approach for automated security testing of Android applications on the cloud. Automation of Software Test (AST). 2012; 22-28.
Blasing T, Batyuk L, Schmidt AD, Camtepe SA, Albayrak S. An android application sandbox system for suspicious software detection. Malicious and unwanted software (MALWARE). 2010; 55-62.
Rasool Saqib. "Blockchain-enabled reliable osmotic computing for cloud of things: applications and challenges." IEEE Internet of Things Magazine 2020; 3.2: 63-67.
Lakshmi K, Priya SM, Rama AJK, Thilagam K. Modified AODV Protocol against Blackhole Attacks. in MANET”, International Journal of Engineering and Technology. Vol. 2: Citeseer.
Safavi S, Shukur Z, Razali R. Reviews on Cybercrime Affecting Portable Devices. Procedia Technology. 2013; 11: 650-657.
Raiu C. Cyber-threat evolution: the past year. Computer Fraud & Security. 2012; 3:5-8.
Warren SD, Brandeis LD. The right to privacy. Harvard law review: 1890; 193-220.
Fischer-Hübner S. IT-security and privacy: design and use of privacy-enhancing security mechanisms: Springer-Verlag. 2001.
Federrath H. Designing Privacy Enhancing Technologies: International Workshop on Design Issues in Anonymity and Unobservability. Berkeley. CA. USA. 2001.
Stanton JM, Stam KR, Mastrangelo P, Jolton J. Analysis of end user security behaviors. Computers & Security. 2005; 24(2): 124-133.
Maximilien M, Dimmock B, Streetman D, Weischedel B, Klissner P, Dusankar S, Kleinman R, McKinlay H. "Wincor-Nixdorf, Peter Duellings, Roger Lindsjö, Steve Turner, Paul Gay, et Boris Dainson. Java API for USB (javax. usb), JSR-80 specification. 2001;9.0: http://javax-usb.org/.
Leslie B, Chubb P, Fitzroy-Dale N, Götz S, Gray C, Macpherson L, Potts D, Shen YT, Elphinstone K, Heiser G. User-level device drivers: Achieved performance. Journal of Computer Science and Technology. 2005; 20(5): 654-664.
Safavi S, Shukur Z. Android Privacy Made Easier the Cloud Way. 2020.
Services AW. "Amazon Web Services (AWS) and Cloud Computing Services." 2014. http://aws.amazon.com.
Zhou, Zhenyu, et al. "Cloud miracles: Heterogeneous cloud RAN for fair coexistence of LTE-U and Wi-Fi in ultra dense 5G networks." IEEE Communications Magazine 56.6 (2018): 64-71.
Android G. Google Cloud Messaging for Android | Android Developers. 2014.
Al-Dulaimi Anwer. "A framework of network connectivity management in multi-clouds infrastructure." IEEE Wireless Communications 2019; 26.3:104-110.
Regli WC, Hu X, Atwood M, Sun W. A survey of design rationale systems: approaches, representation, capture and retrieval. Engineering with computers. 2000; 16(3-4): 209-235.
Zhang D, Adipat B. Challenges, methodologies, and issues in the usability testing of mobile applications. International Journal of Human-Computer Interaction. 2005; 18(3): 293-308.
Kern M, Sametinger J. Permission Tracking in Android. UBICOMM 2012, The Sixth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies. 148-155.
Beresford AR, Rice A, Skehin N, Sohan R. MockDroid: trading privacy for application functionality on smartphones. Proceedings of the 12th Workshop on Mobile Computing Systems and Applications. 49-54.
Zhou Y, Zhang X, Jiang X, Freeh VW. Taming information-stealing smartphone applications (on android). Trust and Trustworthy Computing. 2011; 93-107.
Hornyack P, Han S, Jung J, Schechter S, Wetherall D. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. Proceedings of the 18th ACM conference on Computer and communications security. 639-652.
Nauman M, Khan S, Zhang X. Apex: extending android permission model and enforcement with user-defined runtime constraints. Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. 328-332.
Jeon J, Micinski KK, Vaughan JA, Reddy N, Zhu Y, Foster JS, Millstein T. Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android. Digital Repository at the University of Maryland. 2011.
Pearce P, Felt AP, Nunez G, Wagner D. Addroid: Privilege separation for applications and advertisers in android. Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. 71-72.
Peffers K, Tuunanen T, Rothenberger MA, Chatterjee S. A design science research methodology for information systems research. Journal of management information systems. 2007; 24(3): 45-77.