Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_14,
        author={Vaibhav Rastogi and Zhengyang Qu and Jedidiah McClurg and Yinzhi Cao and Yan Chen},
        title={Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={},
        doi={10.1007/978-3-319-28865-9_14}
    }
    
  • Vaibhav Rastogi
    Zhengyang Qu
    Jedidiah McClurg
    Yinzhi Cao
    Yan Chen
    Year: 2016
    Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_14
Vaibhav Rastogi,*, Zhengyang Qu1,*, Jedidiah McClurg2,*, Yinzhi Cao3,*, Yan Chen1,*
  • 1: Northwestern University
  • 2: University of Colorado Boulder
  • 3: Lehigh University
*Contact email: vrastogi@wisc.edu, zhengyangqu2017@u.northwestern.edu, jedidiah.mcclurg@colorado.edu, yinzhi.cao@lehigh.edu, ychen@northwestern.edu

Abstract

Mobile devices are becoming increasingly popular. One reason for their popularity is the availability of a wide range of third-party applications, which enrich the environment and increase usability. There are, however, privacy concerns centered around these applications – users do not know what private data is leaked by the applications. Previous works to detect privacy leakages are either not accurate enough or require operating system changes, which may not be possible due to users’ lack of skills or locked devices. We present Uranine (Uranine is a dye, which finds applications as a flow tracer in medicine and environmental studies), a system that instruments Android applications to detect privacy leakages in real-time. Uranine does not require any platform modification, nor does it need the application source code. We designed several mechanisms to overcome the challenges of tracking information flow across framework code, handling callback functions, and expressing all information-flow tracking at the bytecode level. Our evaluation of Uranine shows that it is accurate at detecting privacy leaks and has acceptable performance overhead.