Abstract

The wide use of browser extensions brings with it a privacy leakage problem. Previous work detected the transmission of private data to find privacy leakage in Chrome or Firefox, but the real challenge is to determine whether a transmission is reasonable, because the presence of private data in a transmission does not necessarily mean that it is being leaked. To this end, we establish a privacy model for each extension, which contains the sensitive information the extension is permitted to use and the servers it is authorized to communicate with. To evaluate the effectiveness of the proposed method, we develop a dynamic browser extension privacy detection framework. It first builds privacy models for extensions and records all network traffic when accessing test pages. Then, the leakage results are presented according to strict privacy leakage judgment rules. The experiments are conducted in a real environment, and our work is verified on 34,095 extensions collected from 3 mainstream browsers in China from November 2019 to August 2020. A total of 2,983 extensions exhibit privacy leakage. We further conduct a comprehensive analysis of the results, including calculating the precision, recall, accuracy, and F1 score for each type of leakage, and show the information leaked by different extension categories and the malicious domain names that collect users' private information, as well as how the detection results change over time.

Highlights

  • With browser extensions providing more convenient functions, more and more people are beginning to use them

  • This paper develops a dynamic browser extension privacy leakage detection framework to detect privacy leakage in Chinese browsers

  • The detection process can be summarized as follows: first, a privacy model is built for each extension; then the framework installs the extensions on browsers and captures the network traffic when visiting the test pages; finally, privacy leakage is assessed according to the judgment rules

Summary

INTRODUCTION

With browser extensions providing more convenient functions, more and more people are beginning to use them. The great challenge for a privacy leakage detection method is to judge the rationality of privacy data transmission, that is, whether the transmitted data match the extension's function. To solve this problem, this paper proposes a privacy model to describe the conscious range of data. The detection process can be summarized as follows: first, a privacy model is built for each extension; then the framework installs the extensions on browsers and captures the network traffic when visiting the test pages; finally, privacy leakage is assessed according to the judgment rules. We calculate the precision, recall, accuracy, and F1 score for each leakage type and show the direction of the leak and the malicious domain names, as well as how the detection results change over time.
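The following sketch is an added illustration of the model-then-judge process summarized above; it is not code from the paper. The judgment rule, the data-type names, the planted test-page values and all hostnames are assumptions, since this page does not state the paper's actual rules.

```python
from dataclasses import dataclass
from urllib.parse import quote, unquote, urlsplit

# Constructed values planted on the test pages so they can be recognised in traffic.
SEEDED = {
    "browsing_url": "https://testpage.example/account?id=42",
    "email": "alice@testpage.example",
}

@dataclass(frozen=True)
class PrivacyModel:
    permitted_data: frozenset    # data types the extension's function needs
    authorized_hosts: frozenset  # servers it may legitimately talk to

def host_allowed(host, authorized):
    # Exact host or true subdomain only; a bare suffix match would accept
    # "api.translator.example.other.test".
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in authorized)

def seen_data_types(request):
    # Percent-decoding only; base64 or hashed values need extra decoders.
    text = unquote(request["url"]) + "\n" + unquote(request.get("body", ""))
    return {name for name, value in SEEDED.items() if value in text}

def judge(model, request):
    """Assumed rule: data is a leak unless its type AND destination are in the model."""
    host = urlsplit(request["url"]).hostname or ""
    findings = []
    for dtype in sorted(seen_data_types(request)):
        if dtype not in model.permitted_data:
            findings.append((dtype, host, "data type not permitted"))
        elif not host_allowed(host, model.authorized_hosts):
            findings.append((dtype, host, "server not authorized"))
    return findings

# Constructed model and capture for a hypothetical page-translation extension.
MODEL = PrivacyModel(frozenset({"browsing_url"}), frozenset({"api.translator.example"}))
ENC_URL = quote(SEEDED["browsing_url"], safe="")
CAPTURE = [
    {"url": "https://api.translator.example/v1?page=" + ENC_URL},
    {"url": "https://stats.tracker.example/c?u=" + ENC_URL},
    {"url": "https://api.translator.example/log", "body": "mail=alice%40testpage.example"},
    {"url": "https://cdn.example/lib.js"},
]

def run(model=MODEL, capture=CAPTURE):
    return [f for req in capture for f in judge(model, req)]
```

The first request carries the page URL but stays inside the model, so it is not reported; the same data sent to an unlisted host, and an e-mail address sent even to the listed host, are both flagged.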

BACKGROUND
EXTENSION CLASSIFICATION
TYPES OF PRIVACY DATA
EXTENSION PRE-PROCESSING
RESULTS AND ANALYSIS
LEAKAGE PATTERN
RELATED WORK
CONCLUSION AND DISCUSSION