Abstract
Insecure applications (apps) are increasingly used to steal users’ location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app’s multiple features to dynamically analyze the pattern and deliver the final verdict about the app’s property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.
Highlights
With the rise of the mobile internet, location sharing has become an essential and important service, i.e., locating, location sharing, navigation, and finding nearby points of interest (PoIs)
From the aspect of terminals, the location privacy leakage mainly refers to mobile apps containing backdoors or rogue designs that can be used to obtain a user’s location information without their permission, and bypass the operational system’s security check, so that these apps can send out privacy data via different means, for example, log files, short message service (SMS), and socket communication
In order to improve the identification accuracy for malwares with location privacy leakage, this paper proposes SAMLDroid, a combined method of static taint analysis and machine learning for Android platforms
Summary
With the rise of the mobile internet, location sharing has become an essential and important service, i.e., locating, location sharing, navigation, and finding nearby points of interest (PoIs). According to the survey this study conducted on 20 mobile social applications (apps), e.g., WeChat, Twitter, WhatsApp, Sina Weibo, all involve users’ location sharing or retrieving operations. Location-based services (LBS) provide great convenience to mobile social network users, location privacy leakage has aroused great concern because of its potential risks. From the aspect of terminals, the location privacy leakage mainly refers to mobile apps containing backdoors or rogue designs that can be used to obtain a user’s location information without their permission, and bypass the operational system’s security check, so that these apps can send out privacy data via different means, for example, log files, short message service (SMS), and socket communication. Currently a large portion of mobile apps request location access permission from users upon installation.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.