MonkeyDroid: Detecting Unreasonable Privacy Leakages of Android Applications

Ma, Kai; Liu, Mengyang; Guo, Shanqing; Ban, Tao

doi:10.1007/978-3-319-26555-1_43

Kai Ma¹⁷,
Mengyang Liu¹⁷,
Shanqing Guo¹⁷ &
…
Tao Ban¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9491))

Included in the following conference series:

International Conference on Neural Information Processing

2786 Accesses
4 Citations

Abstract

Static and dynamic taint-analysis approaches have been developed to detect the processing of sensitive information. Unfortunately, faced with the result of analysis about operations of sensitive information, people have no idea of which operation is legitimate operation and which is stealthy malicious behavior. In this paper, we present Monkeydroid to pinpoint automatically whether the android application would leak sensitive information of users by distinguishing the reasonable and unreasonable operation of sensitive information on the basis of information provided by developer and market provider. We evaluated Monkeydroid over the top 500 apps on the Google play and experiments show that our tool can effectively distinguish malicious operations of sensitive information from legitimate ones.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

https://www.strategyanalytics.com/access-services/devices/mobile-phones
Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: automated security certification of android applications. Manuscript, University of Maryland 2(3), (2009). http://www.cs.umd.edu/avik/projects/scandroidascaa
Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012)
Chapter Google Scholar
Lu, L., Li, Z., Wu, Z., et al.: Chex: statically vetting android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 229–240. ACM (2012)
Google Scholar
Enck, W., Gilbert, P., Han, S., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)
Article Google Scholar
Rastogi, V., Chen, Y., Enck, W.: AppsPlayground: automatic security analysis of smartphone applications. In: Proceedings of the third ACM Conference on Data and Application Security and Privacy, pp. 209–220. ACM (2013)
Google Scholar
Pandita, R., Xiao, X., Zhong, H., et al.: Inferring method specifications from natural language API descriptions. In: Proceedings of the 34th International Conference on Software Engineering, pp. 815–825. IEEE Press (2012)
Google Scholar
Arzt, S., Rasthofer, S., Fritz, C., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014). ACM
Article Google Scholar
Pandita, R., Xiao, X., Yang, W., et al.: WHYPER: towards automating risk assessment of mobile applications. In: USENIX Security 2013 (2013)
Google Scholar
Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: 2014 Network and Distributed System Security Symposium (NDSS), February 2014, to appear. http://www.bodden.de/pubs/rab14classifying.pdf

Download references

This work is partially supported by National Natural Science Foundation of China (61173068, 61173139), Program for New Century Excellent Talents in University of the Ministry of Education, the Key Science Technology Project of Shandong Province (2014GGD01063), the Independent Innovation Foundation of Shandong Province(2014CGZH1106) and the Shandong Provincial Natural Science Foundation (ZR2014FM020, ZR2014FM031).

Author information

Authors and Affiliations

Department of Computer Science and Technology, Shandong University, Jinan, China
Kai Ma, Mengyang Liu & Shanqing Guo
NICT, Tokyo, Japan
Tao Ban

Authors

Kai Ma
View author publications
You can also search for this author in PubMed Google Scholar
Mengyang Liu
View author publications
You can also search for this author in PubMed Google Scholar
Shanqing Guo
View author publications
You can also search for this author in PubMed Google Scholar
Tao Ban
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Kai Ma , Mengyang Liu , Shanqing Guo or Tao Ban .

Editor information

Editors and Affiliations

University of Istanbul, Istanbul, Turkey
Sabri Arik
University at Qatar, Doha, Qatar
Tingwen Huang
Tunku Abdul Rahman University College, Kuala Lumpur, Malaysia
Weng Kin Lai
University of Science Technology, Wuhan, China
Qingshan Liu

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ma, K., Liu, M., Guo, S., Ban, T. (2015). MonkeyDroid: Detecting Unreasonable Privacy Leakages of Android Applications. In: Arik, S., Huang, T., Lai, W., Liu, Q. (eds) Neural Information Processing. ICONIP 2015. Lecture Notes in Computer Science(), vol 9491. Springer, Cham. https://doi.org/10.1007/978-3-319-26555-1_43

Download citation

DOI: https://doi.org/10.1007/978-3-319-26555-1_43
Published: 09 December 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26554-4
Online ISBN: 978-3-319-26555-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics