Learn More
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by(More)
Apps on Google's Android mobile device platform are written in Java, but are compiled to a special bytecode language called Dalvik. In this paper, we introduce SymDroid, a symbolic executor that operates directly on Dalvik bytecode. SymDroid begins by first translating Dalvik into µ-Dalvik, a simpler language that has only 16 instructions, in contrast to(More)
Two new logics for verification of hyperproperties are proposed. Hyperproperties characterize security policies, such as noninter-ference, as a property of sets of computation paths. Standard temporal logics such as LTL, CTL, and CTL * can refer only to a single path at a time, hence cannot express many hyperproperties of interest. The logics proposed here,(More)
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access , GPS use, and telephony. We have found that Android's current permissions are often overly broad, providing apps with more access than they truly require. This deviation from least privilege increases the threat from(More)
—Location-based apps are popular on Android, but they raise a number of privacy concerns. In this paper, we empirically study how one popular location-privacy enhancing technique, location truncation, affects app utility. That is, we try to answer the question: How much can we truncate the location information given to an app while still preserving the(More)
Mobile apps can access a wide variety of secure information, such as contacts and location. However, current mobile platforms include only coarse access control mechanisms to protect such data. In this paper , we introduce interaction-based declassification policies, in which the user's interactions with the app constrain the release of sensitive(More)
  • 1