AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior - PowerPoint PPT Presentation

  1. AppProfiler: A Flexible Method of Exposing Privacy-Related Behavior in Android Applications to End Users
     Sanae Rosen (1), Zhiyun Qian (2), Z. Morley Mao (1)
     (1) University of Michigan, Ann Arbor, MI
     (2) NEC Labs

  2. The Problem
     (Deck sections: Motivation, Implementation Details, Analysis, Summary)
     - Smartphones hold a lot of personal data and run a lot of apps, which raises privacy concerns.
     - It is hard for users to make informed decisions about which applications to install.
     - Filtering out malware is not enough: a privacy-intrusive application may be acceptable to some users but not to others.
     - Goal: let users know what their apps do, in terms of privacy-sensitive behavior.
     Sanae Rosen, Zhiyun Qian, Z. Morley Mao. CODASPY 2013. Slide 2 / 16

  3. What about existing approaches?
     - Permissions are supposed to tell users how their applications behave, but they:
       - may be vague or even incorrect;
       - are so prevalent that users are likely to ignore many of them;
       - are inflexible to modification.
     - There are many proposals to improve the permission system; we focus on solutions that can be deployed immediately.
     - Many proposals protect against smartphone-specific attacks or malware; we focus on legitimate apps.

  4. Our Solution
     - Automatically create profiles of application behavior, offline.
     - Create a knowledge base mapping API calls to behaviors of interest.
     - Use static analysis to find these behaviors.
     - Provide the profiles to end users.
     - Also useful for understanding app behavior more broadly.
     - Flexible: rules and profiles can easily be adapted.
     Pipeline shown in the slide's diagram: Download from Market -> Decompile -> Static Analysis to Identify Behaviors of Interest (driven by the Knowledge Base) -> Detailed Profiles and User-Friendly Profiles. The same pipeline supports Large-Scale Android Application Analysis.

  5. Basic Assumptions and Limitations
     - We do not attempt to detect malware or applications that otherwise subvert the Android framework API.
     - We do not currently address native code.
     - We supplement (rather than replace) the permission system.
     - Our target audience is privacy-concerned users who want to know how their apps behave.

  6. Step 1: Build the Knowledge Base
     - Identify high-priority API calls by frequency analysis of classes and methods.
     - Refine the mappings with domain-specific knowledge.
     - Result: a mapping of API call patterns to behavior labels.

  7. Example Knowledge Base Entry
     Category: Location
     Type/Subcategory: Regional data - State
     Rules (each matches one kind of API call site):
       FunctionCall call:
         call.function.enclosingClass.name startsWith "android.location.Address"
         and call.function.name == "getAdminArea"
       FunctionCall call:
         call.function.enclosingClass.name startsWith "android.location.Address"
         and call.function.name == "getSubAdminArea"

  8. Step 2: Apply to Applications
     - Find rule matches in the decompiled app.
     - Identify behaviors that arise from multiple rules (e.g. taking a photo with no preview).
     - Identify which rule matches belong to ad libraries rather than the app itself.
     - Convert the data into user-readable profiles; simplify and focus on key behaviors.
     Output: Technical Profiles -> User Profiles.
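The rule format from slide 7 and the Step 2 pipeline on slide 8, worked through as an added Python example. This is not the authors' code and not their rule language: the two Location rules are taken from the slide, but the extra knowledge-base entries, the `com.example.adsdk.` ad-library prefix, the `CallSite`/`Rule` model and the constructed call sites standing in for a decompiled app are all assumptions made for illustration. The example shows how single-call rules are grouped into a technical profile, how ad-library callers are separated from app code, and how two rules combine into one user-facing behavior (a photo taken with no preview).

```python
"""Toy rule engine in the style of AppProfiler's knowledge base (added example,
not the authors' code). A rule maps a predicate over API call sites to a
(category, subcategory) behavior label; rules are applied to call sites from a
decompiled app, ad-library callers are separated from app code, and matches
are collapsed into a short user-facing profile."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class CallSite:
    caller_class: str  # class in the app that contains the call
    callee_class: str  # class declaring the called API method
    method: str        # called method name


@dataclass(frozen=True)
class Rule:
    category: str
    subcategory: str
    matches: Callable[[CallSite], bool]


def call_rule(class_prefix: str, method: str) -> Callable[[CallSite], bool]:
    """Same shape as the slide's rule:
    enclosingClass.name startsWith <prefix> and function.name == <method>."""
    return lambda c: c.callee_class.startswith(class_prefix) and c.method == method


# Knowledge base: the two Location entries are the slide's; the rest are
# assumed entries added for illustration only.
KNOWLEDGE_BASE: List[Rule] = [
    Rule("Location", "Regional data - State", call_rule("android.location.Address", "getAdminArea")),
    Rule("Location", "Regional data - State", call_rule("android.location.Address", "getSubAdminArea")),
    Rule("Location", "Precise location", call_rule("android.location.LocationManager", "getLastKnownLocation")),
    Rule("Identity", "Device identifier", call_rule("android.telephony.TelephonyManager", "getDeviceId")),
    Rule("Camera", "Take photo", call_rule("android.hardware.Camera", "takePicture")),
    Rule("Camera", "Camera preview", call_rule("android.hardware.Camera", "setPreviewDisplay")),
]

# Package prefixes treated as advertising libraries (assumed, hypothetical SDK name).
AD_LIBRARY_PREFIXES = ("com.example.adsdk.",)

ProfileKey = Tuple[str, str, str]  # (origin, category, subcategory)


def origin_of(caller_class: str) -> str:
    """Attribute a call site to the app itself or to a bundled ad library."""
    return "ad library" if caller_class.startswith(AD_LIBRARY_PREFIXES) else "app"


def technical_profile(calls: List[CallSite]) -> Dict[ProfileKey, List[str]]:
    """Every rule match, keyed by origin and behavior label, with the classes that triggered it."""
    hits: Dict[ProfileKey, Set[str]] = defaultdict(set)
    for c in calls:
        for r in KNOWLEDGE_BASE:
            if r.matches(c):
                hits[(origin_of(c.caller_class), r.category, r.subcategory)].add(c.caller_class)
    return {k: sorted(v) for k, v in hits.items()}


def user_profile(calls: List[CallSite]) -> Dict[str, List[str]]:
    """Collapse the technical profile into key behaviors per origin. Several
    rules can combine into one behavior: a photo taken while that origin never
    sets up a camera preview is reported as a capture the user cannot see."""
    tech = technical_profile(calls)
    result: Dict[str, List[str]] = {}
    for origin in ("app", "ad library"):
        labels = {(cat, sub) for (o, cat, sub) in tech if o == origin}
        behaviors = {f"{cat}: {sub}" for cat, sub in labels}
        if ("Camera", "Take photo") in labels and ("Camera", "Camera preview") not in labels:
            behaviors.discard("Camera: Take photo")
            behaviors.add("Camera: Takes photos without showing a preview")
        if behaviors:
            result[origin] = sorted(behaviors)
    return result


# Constructed call sites standing in for the output of decompiling one app.
SAMPLE_CALLS: List[CallSite] = [
    CallSite("com.example.weather.MainActivity", "android.location.Address", "getAdminArea"),
    CallSite("com.example.weather.MainActivity", "android.location.LocationManager", "getLastKnownLocation"),
    CallSite("com.example.weather.ScanService", "android.hardware.Camera", "takePicture"),
    CallSite("com.example.adsdk.Tracker", "android.telephony.TelephonyManager", "getDeviceId"),
    CallSite("com.example.weather.Util", "java.lang.String", "length"),  # matches no rule
]

if __name__ == "__main__":
    for origin, behaviors in user_profile(SAMPLE_CALLS).items():
        print(origin)
        for b in behaviors:
            print("  -", b)
```

Keeping the technical profile separate from the user profile matters for the slide's flexibility claim: a new rule or a new ad-library prefix changes the knowledge base and the origin test only, while the collapsing logic that decides which behaviors a user sees stays where it is.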
