Detection of sensitive information leakage in Android applications using signature generation Online publication date: Tue, 31-Mar-2015
by Hiroki Kuzuno; Satoshi Tonami
International Journal of Space-Based and Situated Computing (IJSSC), Vol. 5, No. 1, 2015
Abstract: There has been growth in the development of mobile device market. In particular, many mobile devices' applications are 'free', but depend on advertisement modules for their revenue. An advertisement module can collect a user's sensitive information and transmit it across the network. Such behaviour becomes an invasion of privacy. We analysed 1,188 Android applications traffic and permissions, 93% connected to multiple network destinations, and 55% required both access to sensitive information and the networking permissions. Of the 107,859 HTTP packets from these applications, 22% contained sensitive information. In an effort to enable users to control the transmission of their private information, we propose a system which, using a novel clustering method based on the HTTP destination and content distances, generates signatures from the clustering result and uses them to detect sensitive information leakage from applications. Our system detected 97% of the sensitive information leakage, with only 3% false positive results.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Space-Based and Situated Computing (IJSSC):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook