Smartphone applications can steal users’ private data and send it out behind their back. Smartphones store various personal data, such as phone identifiers, location information, and contacts. Third-party applications, which can be downloaded freely at markets, frequently access the data.
Most of the applications do so to explore the fun and utility of smartphone technology. However, such accesses also raise concerns and issues of privacy risk.Android’s permission-based approach is not enough to ensure the security of private information., .
Android requires application developers to declare the permissions so their applications can access users’ private information. However, the permissions do not let you know the actual trace of private data. It is uncertain if an application only accesses private data locally, or sends the data out.
Also, developers tend to request more permissions than what they need. As a result, users also tend to care less about the permissions when they install applications.
We developed a static analyzer SCANDAL that detects privacy leaks in Android applications. It determines if there exists any flow of data from an information source through a sink. It covers all possible states which may occur when using the application.
Using SCANDAL. we analyzed 90 popular applications using SCANDAL from Android Market and detected privacy leaks in 11 applications. We also analyzed 8 known malicious applications from third-party markets and detected privacy leaks in all 8 applications.
To read this external content in full, download the complete paper from the authors online archives at Seoul National University..