Corpus ID: 2691973

Comparing Mobile Privacy Protection through Cross-Platform Applications

@inproceedings{Han2013ComparingMP,
  title={Comparing Mobile Privacy Protection through Cross-Platform Applications},
  author={Jin Han and Qiang Yan and Debin Gao and Jianying Zhou and Robert H. Deng},
  booktitle={NDSS},
  year={2013}
}
With the rapid growth of the mobile market, security of mobile platforms is receiving increasing attention from both research community as well as the public. In this paper, we make the first attempt to establish a baseline for security comparison between the two most popular mobile platforms. We investigate applications that run on both Android and iOS and examine the difference in the usage of their security sensitive APIs (SS-APIs). Our analysis over 2,600 applications shows that iOS… Expand
Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps
TLDR
It is found that thirdparty tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children, and that neither platform is clearly better than the other for privacy across the dimensions the authors studied. Expand
Enhanced Identification of Sensitive User Inputs in Mobile Applications
TLDR
An enhanced approach for detecting users’ inputs privacy disclosures that are truly suspicious is proposed, which necessitates tracking of the related app data flows form these users' inputs to various sinks to determine if this privacy disclosure is valid or suspicious. Expand
CRiOS: Toward Large-Scale iOS Application Analysis
TLDR
The average iOS application consists of 60.2% library classes and only 39.8% developer-authored content, and it is found that 9.32% of referenced network connection endpoints either entirely omit to cryptographically protect network communications or present untrustworthy SSL certificates. Expand
NativeWrap: ad hoc smartphone application creation for end users
TLDR
This paper proposes NativeW wrap as an alternative model for security and privacy conscious consumers to access Web content and describes the design of a prototype of NativeWrap for the Android platform and test compatibility on the top 250 Alexa Websites. Expand
Detecting privacy leaks in the RATP App: how we proceeded and what we found
TLDR
This article analyzed the RATP App, both Android and iOS versions, and reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the In-App privacy policy. Expand
Cross-Platform Access-Rights Analysis of Mobile Applications
TLDR
A deep static and dynamic analysis of the applications available for each iOS and Android platform was conducted in order to determine on which overprivileged applications were more prevalent. Expand
A Privacy Risk Scoring Framework for Mobile
A Privacy Risk Scoring Framework for Mobile Applications and Platforms Jedidiah Spencer Montgomery School of Technology, BYU Master of Science Protecting personal privacy has become an increasinglyExpand
Mobile Application Security in the Presence of Dynamic Code Updates
TLDR
This dissertation provides a thorough study on the use and the usage manner of dynamic code updates in Android apps, and proposes a backward slicing based targeted inter component code paths execution technique, TeICC, which shows that it can be effectively used for targeted execution of inter components code paths in obfuscated Android apps. Expand
Differences between Android and iPhone Users in Their Security and Privacy Awareness
TLDR
It is found that Android users seem to be more aware of the risks associated with the app usage than iPhone users, and more often mention security, trust and privacy issues as important factors when they decide to use a new app. Expand
Security in iOS and Android: A Comparative Analysis
TLDR
A framework is introduced for permission analysis, a hybrid mobile application that can run on both iOS and Android that places special emphasis on the relationship between the user’s privacy and the permission system. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 57 REFERENCES
Analyzing inter-application communication in Android
TLDR
This work examines Android application interaction and identifies security risks in application components and provides a tool, ComDroid, that detects application communication vulnerabilities and found 34 exploitable vulnerabilities. Expand
Aurasium: Practical Policy Enforcement for Android Applications
TLDR
A novel solution called Aurasium is developed that bypasses the need to modify the Android operating system while providing much of the security and privacy that users desire, and has been tested on three versions of the Android OS, and is freely available. Expand
AdDroid: privilege separation for applications and advertisers in Android
TLDR
AdDroid is introduced, a privilege separated advertising framework for the Android platform that enables AdDroid to separate privileged advertising functionality from host applications, allowing applications to show advertisements without requesting privacy-sensitive permissions. Expand
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TLDR
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment. Expand
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications
TLDR
Two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated are examined, finding that they can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications. Expand
PiOS: Detecting Privacy Leaks in iOS Applications
TLDR
To protect its users from malicious applications, Apple has introduced a vetting process, which should ensure that all applications conform to Apple’s (privacy) rules before they can be offered via the App Store, but this vetting process is not welldocumented. Expand
A Study of Android Application Security
TLDR
A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/ phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications. Expand
Android permissions demystified
TLDR
Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged. Expand
Towards Taming Privilege-Escalation Attacks on Android
TLDR
A heuristic analysis of Android's system behavior is conducted to identify attack patterns, classify different adversary models, and point out the challenges to be tackled, and a system-centric and policy-driven runtime monitoring of communication channels between applications at multiple layers is proposed. Expand
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TLDR
A permissionbased behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed. Expand
...
1
2
3
4
5
...