These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

@inproceedings{Hornyack2011TheseAT,
  title={These aren't the droids you're looking for: retrofitting android to protect data from imperious applications},
  author={Peter Hornyack and Seungyeop Han and Jaeyeon Jung and Stuart E. Schechter and David Wetherall},
  booktitle={CCS '11},
  year={2011}
}
We examine two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated: (1) covertly substituting shadow data in place of data that the user wants to keep private, and (2) blocking network transmissions that contain data the user made available to the application for on-device use only. We retrofit the Android operating system to implement these two controls for use with unmodified applications. A key… 
Securing the mobile environment: firewall anti-leak of sensitive data on smartphone
TLDR
A firewall Anti-Leak of Sensitive Data on Smartphone (ALSDS) is proposed, allowing reliable protection against leakage of sensitive personal and professional data, and it allows providing notifications to the user.
PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices
TLDR
This work presents PrivacyGuard, an open-source VPN-based platform for intercepting the network traffic of applications, and investigates its use for detecting the leakage of multiple types of sensitive data, such as a phone's IMEI number or location data.
ipShield: A Framework For Enforcing Context-Aware Privacy
Smart phones are used to collect and share personal data with untrustworthy third-party apps, often leading to data misuse and privacy violations. Unfortunately, state-of-the-art privacy mechanisms
The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations
TLDR
This study analyzed three popular phones from Samsung, identified their likely flaws and built end-to-end attacks that allow an unprivileged app to take pictures and screenshots, and even log the keys the user enters through touch screen.
Securacy: an empirical investigation of Android applications' network usage, privacy and security
TLDR
Securacy, a mobile app that explores users' privacy and security concerns with Android apps, provides unprecedented insight into Android applications' communications behavior globally, indicating that the majority of apps currently use insecure network connections.
A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android
TLDR
This work proposes to model the usage of the accessibility framework as a pipeline of code modules, which are all sandboxed on the system-side, and achieves a more fine-grained control over the access to accessibility features and the way they are used in apps by policing the data flows.
PSiOS: bring your own privacy & security to iOS devices
TLDR
The design and implementation of PSiOS is presented, a tool that features a novel policy enforcement framework for iOS that provides fine-grained, application-specific, and user/administrator defined sandboxing for each third-party application without requiring access to the application source code.
A privacy enforcing framework for Android applications
Impact of User Data Privacy Management Controls on Mobile Device Investigations
TLDR
Variations of the Android operating system that attempt to bypass the limitations imposed by the previous Android permission model are discussed and the fact that forensic analysts will encounter devices with altered characteristics is highlighted.
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps
TLDR
A first comprehensive analysis of 283 Android apps that use the Android VPN permission, which is extracted from a corpus of more than 1.4 million apps on the Google Play store, reveals several instances of VPN apps that expose users to serious privacy and security vulnerabilities.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 32 REFERENCES
Taming Information-Stealing Smartphone Applications (on Android)
TLDR
A system called TISSA is developed that implements a new privacy mode in smartphones that can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application.
PiOS: Detecting Privacy Leaks in iOS Applications
TLDR
To protect its users from malicious applications, Apple has introduced a vetting process, which should ensure that all applications conform to Apple’s (privacy) rules before they can be offered via the App Store, but this vetting process is not welldocumented.
MockDroid: trading privacy for application functionality on smartphones
TLDR
MockDroid allows users to revoke access to particular resources at run-time, encouraging users to consider the trade-off between functionality and the disclosure of personal information whilst they use an application.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TLDR
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment.
On lightweight mobile phone application certification
TLDR
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.
Panorama: capturing system-wide information flow for malware detection and analysis
TLDR
This work proposes a system, Panorama, to detect and analyze malware by capturing malicious information access and processing behavior, which separates these malicious applications from benign software.
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
TLDR
It is proved that, contrary to statements in the literature, run-time systems like RIFLE are no less secure than existing language-based techniques, and the performance cost is reasonable.
PRECIP: Towards Practical and Retrofittable Confidential Information Protection
TLDR
This work applies PRECIP to Windows XP to protect the applications for editing or viewing sensitive documents and browsing sensitive websites, and demonstrates that the implementation works effectively against a wide spectrum of spyware, including keyloggers, screen grabbers and file stealers.
Privacy Protection for Social Networking APIs
Social networking APIs integrate third-party content into the site and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy
iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)
TLDR
This paper investigates where and how UDIDs are being shared, with whom, and how the UDID is being used.
...
1
2
3
4
...