inferring the purposes of network tra ffi c in mobile apps
play

Inferring the Purposes of Network Tra ffi c in Mobile Apps Who - PowerPoint PPT Presentation

Nov 15, 2022 •203 likes •848 views

Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where the data is being sent to? What data is being collected? Why the data is being collected? Haojian Jin , Minyi Liu, Yuanchun Li, Gaurav Srivastava,

  1. Inferring the Purposes of Network Tra ffi c in Mobile Apps Who (which app) sends the data? Where the data is being sent to? What data is being collected? Why the data is being collected? Haojian Jin , Minyi Liu, Yuanchun Li, Gaurav Srivastava, Matthew Fredrikson, Yuvraj Agarwal, Jason Hong 1

  2. who: Camera app who: Uber what: location what: location why: to tag photos why: to locate pickup location who request what data, and why 2

  3. These descriptions are only shown at the user interface layer and can be arbitrary text. No way to verify and not yet widely adopted. 3

  4. APIs user interface layer, arbitrary text no way to verify when an app calls an API and post data to remote servers over the network. network perspective 4

  5. Can we index the privacy attributes of each network request similarly as the permission dialog? APIs who, where, what, why 5

  6. https://maps.google.com Who (which app) sends the data? Uber Where the data is being sent to? Google What data is being collected? Location Why the data is being collected? Map/navigation 6

  7. Towards a public, large scale privacy database to improve the transparency of mobile data collection 7

  8. Related work 8

  9. https://maps.google.com 1, 2 State of the art Who (which app) sends the data? Uber Where the data is being sent to? Google What data is being collected? Location Why the data is being collected? Map/navigation [1] Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps [2] ReCon: Revealing and Controlling PII Leaks in Mobile Network Tra ffi c 9

  10. Related work Who Knows What About Me? Zang et al. https://techscience.org/a/2015103001/ 10

  11. Related work Who Knows What About Me? https://techscience.org/a/2015103001/ Recruit ~10 participants Install VPN on their phones Test 10~100 apps Raw data type (e.g., email addr.) 11

  12. https://maps.google.com State of the art Who (which app) sends the data? Uber Where the data is being sent to? Google What data is being collected? Location Why the data is being collected? Map/navigation less explored. 12

  13. Related work Exposing the Data Sharing Practices Expectation and Purpose [Ubicomp’12] of Smartphone Apps [CHI’ 17] 13

  14. Related work Purposes are manually annotated by researchers. Exposing the Data Sharing Practices Expectation and Purpose [Ubicomp’12] of Smartphone Apps [CHI’ 17] 14

  15. MobiPurpose is a scalable in-lab solution that can index fj ne-grained privacy attributes ( who , where , what , why ) of outgoing network requests . 15

  16. 3 modules 1 Scalable network tracing 2 Data types & purposes taxonomy 3 Automated Inference 16

  17. 1 Network tracing large scale network requests at a low cost 17

  18. …… downloaded 185, 173 apps Hardware & software setup (1) 18

  19. …… installed 30,075 apps (due to OS compatibility, etc) Hardware & software setup (2) 19

  20. a men-in-the-middle VPN proxy app 3 minutes UI automation for each running for 50 days We open source the tools at: http://bit.ly/mobipurpose Hardware & software setup (3) 20

  21. Tra ffj c request snapshot source app: com.inkcreature.predatorfree connect to host: inkcreature.com server path: /_predatorServer/ key-value pairs in request body: myLat: 40.4435877 myLon: -79.9452883 .... Raw Tra ffi c Data 21

  22. Tra ffj c request snapshot source app: Who? com.inkcreature.predatorfree connect to host: Where? inkcreature.com server path: /_predatorServer/ key-value pairs in request body: Key-value pairs myLat: 40.4435877 myLon: -79.9452883 .... Raw Tra ffi c Data 22

  23. Tra ffj c request snapshot source app: 2,008,912 unique tra ffi c requests com.inkcreature.predatorfree from 14,910 apps connect to host: inkcreature.com server path: contacting /_predatorServer/ 12,046 unique domains 302,893 unique URLs key-value pairs in request body: myLat: 40.4435877 myLon: -79.9452883 .... We publish the dataset at: http://bit.ly/purposedata Tra ffi c Data stats 23

  24. 2 Taxonomy de fj ne and categorize purposes 24

  25. “ usage strings ” in iOS/Android Arbitrary texts are hard to aggregate , analyze and verify. 25

  26. • Many apps collect users’ data for similar purposes. • There are enumerable purposes. 10-50 depends on the granularity. Observations 26

  27. generate text describing the purpose build a taxonomy and classify the purpose 27

  28. 1 Comprehensive and extendable covers the majority of use cases 1. 2 Meaningful granularity not too narrow nor too broad 3 Understandable minimal explanation for dev and users Design the Taxonomy 28

  29. 10 CS graduate students categorizing 1000+ network requests and 300+ permission usages 3 independent sessions a ffi nity diagram 29

  30. Purpose at App level why a user downloads the app (e.g., app categories - Game) Purpose at Network level why an app sends the request the app (e.g., library categories - Ad) purpose granularity 30

  31. Purpose at App level why a user downloads the app (e.g., app categories - Game) Purpose at Network level why an app sends the request the app (e.g., library categories - Ad) Purpose at Data level why a developer collects the data (e.g., nearby search) purpose granularity 31

  32. Purpose at App level why a user downloads the app (e.g., app categories - Game) Purpose at Network level why a app sends the request the app (e.g., library categories - Ad) Purpose at Data level why a developer collects the data (e.g., usage descriptions) contains most privacy details, consistent with usage strings purpose granularity 32

  33. data types location taxonomy typology 33

  34. data types data purposes examples nearby search location 34

  35. data types data purposes examples nearby search location-based customization location 35

  36. data types data purposes examples nearby search location-based customization location ad analytics …… …… 36

  37. Data purposes for location data See the complete taxonomy at: http://bit.ly/mobitaxonomy 37

  38. data types 38

  39. Bluetooth extensibility 39

  40. 3 Automated inference 40

  41. Tra ffj c request snapshot source app: com.inkcreature.predatorfree connect to host: inkcreature.com What data is being collected? server path: /_predatorServer/ Why the data is being collected? key-value pairs in request body: myLat: 40.4435877 myLon: -79.9452883 .... input output 41

  42. 1 Self-explainable patterns userAdvertisingId : 901e3310-3a26-487e-83c7-2fa26ac2786c advertising, Id machine generated UUID http://reports.crashlytics.com report, crash, analytics intuitions 42

  43. 1 Self-explainable patterns 2 External knowledge (app type, server domain) a game app sends location data to http://admob.com A mobile ad company intuitions 43

  44. a bootstrapping method to predict the data type data type inference 44

  45. purposes candidates search nearby location-based customization transportation information recording map/navigation geosocial networking taxonomy lookup to get geotagging the purpose candidates location spoo fj ng alert and remind location-based game reverse geocoding advertising analytics taxonomy lookup 45

  46. Tra ffj c request snapshot Source app feature source app: predator is an o ff ender registry search app com.inkcreature.predatorfree connect to host: inkcreature.com server path: /_predatorServer/ key-value pairs in request body: myLat: 40.4435877 myLon: -79.9452883 .... purpose features 46

  47. Tra ffj c request snapshot Source app feature source app: predator is an o ff ender registry search app com.inkcreature.predatorfree connect to host: Textual feature inkcreature.com the app sends data to its own server server path: /_predatorServer/ key-value pairs in request body: myLat: 40.4435877 myLon: -79.9452883 .... purpose features 47

  48. Tra ffj c request snapshot Source app feature source app: predator is an o ff ender registry search app com.inkcreature.predatorfree connect to host: Textual feature inkcreature.com the app sends data to its own server server path: /_predatorServer/ Domain feature key-value pairs in request body: - company business type (Crunchbase) myLat: 40.4435877 - decompile app fj les to mine the domain myLon: -79.9452883 references .... purpose features 48

  49. probability purposes candidates 0.72 search nearby source app feature: 0.2 location-based customization predator is an o fg ender registry search app 0.03 transportation information 0.02 recording textual feature: 0.02 map/navigation the app sends data to its own server supervised 0.01 geosocial networking domain feature: learning 0 geotagging - company business type from Crunchbase 0 location spoo fj ng - decompile large scale app fj les to 0 alert and remind mine the domain references 0 location-based game 0 reverse geocoding 0 advertising 0 analytics supervised machine learning 49

  50. Evaluation accuracy & recall 50

  51. Labeling ”what” & “why” in each tra ffi c request. Each request has been labeled by three people. data set labeling 51

Recommend

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function Offloading Mario Almeida, Liang Wang*, Jeremy Blackburn, Konstantina Papagiannaki, Jon Crowcroft* Telefonica Research, ES University of

903 views • 26 slides
Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps Outcome : To determine the key benefits and uses of mobile apps inside and outside the classroom. To identify the main issues to be considered when

620 views • 14 slides
Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project

Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project

Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project discussions Native Apps Live on device Access to all device features GPS, accelerometer, compass, list of contacts Written for specific

654 views • 38 slides
Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the

Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the

Mobile Apps in the Phone: (248) 470-3257 Email: Linda@GoMobileMichigan.org Marketplace Twitter: twitter.com/GoMobileMI Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the Phone: (248)

611 views • 32 slides
Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015

Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015

Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015 2016/2017 New features in Adobe Mobile The Lott Mobile Apps are Tatts.com Mobile Apps Services are released to launched (Tatts.com

396 views • 24 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization Workshop on

Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization Workshop on

Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization Workshop on Mobility in the Evolving Internet Architecture Sep. 11, 2014, Maui, Hawaii, USA Yong Liao, Mario Baldi, Amedeo Sapio Gyan Ranjan, Alok Tongaonkar,

515 views • 14 slides
Depth Camera for Mobile Devices Instructor - Simon Lucey 16-423 - Designing Computer Vision Apps

Depth Camera for Mobile Devices Instructor - Simon Lucey 16-423 - Designing Computer Vision Apps

Depth Camera for Mobile Devices Instructor - Simon Lucey 16-423 - Designing Computer Vision Apps Today Stereo Cameras Structured Light Cameras Time of Flight (ToF) Camera Inferring 3D Points Given we have prior knowledge of

513 views • 47 slides
10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil

10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil

10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil Tregunno, MHRA WEB-RADR Consortium Mobile Apps Mobile technology Apps Launched Package under development for other MS by the end of the project

368 views • 17 slides
Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile

Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile

Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile apps CS 370 SE Practicum, Cengiz Gnay (Some slides courtesy of Eugene Agichtein and the Internets) CS 370, Gnay (Emory) Responsive Webapps &

1.21k views • 67 slides
Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team

Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team

Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team (iOS) Discover Pinterest Engineers Building Pinterests Mobile Apps Pinterest and mobile Launched iPhone app in 2011 Summer of Apps in

625 views • 36 slides
Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director &

Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director &

Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director & Co-Founder of MIMV Technology MOBILE APPS: Time for Introduction ! 2 App IS Millions of Apps are released in the App stores, hundreds are

664 views • 49 slides
mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is

mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is

mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is hard cellular performance matters to some apps most demanding apps multiplayer gaming VoIP video chat somewhat demanding web

806 views • 52 slides
WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO SimiCart.com| Magento in a mobile app Agenda - Opportunities to come - Hurdles to overcome - Build mobile apps. Without mobile coding - Q&A

570 views • 23 slides
Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January

Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January

Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January 2013, Sofia Dr Stavri Nikolov Digital Spaces Living Lab Founding Director stavri.nikolov@digitalspaces.info Digital Spaces Living Lab (DSLL) PLAYS

307 views • 29 slides
Inferring the Purposes of Using Ride-Hailing Services through Data Fusion of Trip Trajectories,

Inferring the Purposes of Using Ride-Hailing Services through Data Fusion of Trip Trajectories,

Inferring the Purposes of Using Ride-Hailing Services through Data Fusion of Trip Trajectories, Secondary Travel Surveys, and Land-Use Attributes UT ITE Seminar Sanjana Hossain, M.Sc. February 14, 2020 Supervisor: Khandker Nurul Habib, PhD,

1.01k views • 40 slides
X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps

X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps

X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps Developer @ Polaris Industries; Ride Command Xamarin.Forms enthusiast DevOps hobbyist & machine learning beginner 4 year XCMD Blog:

607 views • 43 slides
Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile und Touch-Basierte Web Applikationen Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile phones ... No wait! Introduction Mobile Applications Apps Web Apps Facebook cnn.com Gmail Twitter

797 views • 53 slides
School&Apps Parents(are(mobile.( Their(schools(should(be(too!

School&Apps Parents(are(mobile.( Their(schools(should(be(too!

School&Apps Parents(are(mobile.( Their(schools(should(be(too! Customized&app&for&your&school& Your%app%will%be% available%on%Apple%store% and%Google%play% SaasMicro School%Apps%provide%a%versatile%and%instant%way%for%

614 views • 19 slides
Using Node.js to improve the performance of Mobile apps and Mobile web Tom Hughes-Croucher @sh 1

Using Node.js to improve the performance of Mobile apps and Mobile web Tom Hughes-Croucher @sh 1

Using Node.js to improve the performance of Mobile apps and Mobile web Tom Hughes-Croucher @sh 1 mmer Scalable Server-Side Code with JavaScript Who is Tom? Wrote W3C Standards 10+ years in the web industry Node Worked on projects

705 views • 58 slides
F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS CEO of large social network in annual development conference 2 months ago Shared vision for next 2 decades: past : with advent of PCs, companies

498 views • 14 slides
Achieving h APP iness on your mobile device mHealth apps for EDs Kirsty Short, Advanced Trainee

Achieving h APP iness on your mobile device mHealth apps for EDs Kirsty Short, Advanced Trainee

Achieving h APP iness on your mobile device mHealth apps for EDs Kirsty Short, Advanced Trainee in Emergency Medicine (ECI) Apps for Clinicians Improving Patient Experience Translation apps Procedure explanations Departmental

550 views • 31 slides
PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin Liu, Suman Nath, William G.J. Halfond, Ramesh Govindan 2 Mobile App Explosion 1.2 million 1,200,000 1,000,000 Number of Apps 800,000 600,000

638 views • 42 slides
#UCLH_wired Building apps & getting mobile Sean Gilchrist Systems Development Manager Saduf

#UCLH_wired Building apps & getting mobile Sean Gilchrist Systems Development Manager Saduf

#UCLH_wired Building apps & getting mobile Sean Gilchrist Systems Development Manager Saduf Ali-Drakesmith Imaging Systems Manager Adam Bradley Mobile App Developer Agenda Getting mobile Device s MDM WiFi Building apps Web

468 views • 11 slides

More recommend