Mobile Dynamic Privacy and Security Analysis at Scale

Principal Investigator(s): 
Serge Egelman

Current approaches for detecting suspicious application activity on mobile platforms rely on static analysis: reverse-engineering and examining sequences of program code to infer application behavior. This method invariably falls short in that it can only detect what behaviors or capabilities a program might have, and not whether and to what extent a program actually engages in these behaviors. It is also susceptible to code obfuscation techniques commonly used by many mobile applications. Other approaches, like taint tracking, which modify the data as it traverses through the application, may cause unpredictable application behavior, may be detected, and do not scale.

In the course of prior research to develop a novel Android permission system, ICSI researchers developed a framework for performing dynamic analysis of smartphone applications. This allows them to monitor actual program behavior in realtime to examine how often and under what circumstances applications attempt to access sensitive resources protected by application permissions. They have also developed an advanced network monitoring tool for Android to monitor and understand the third-party data-sharing ecosystem. The network monitoring tool provides insight into the data that applications share with remote third-party services. Pairing real-time observations of application behavior with this advanced network traffic monitoring results in one of the most sophisticated views of when sensitive data is accessed and where it gets sent. None of the tools require modifying the applications undergoing analysis: they are able to evaluate any application on the market, even those that obfuscate their code. Based on commercial demand, they are in the process of modifying these tools for deployment in virtualized environments, which will allow them to analyze mobile applications at scale. This platform can be used to answer some of the following questions:

  • How often do apps violate various privacy regulations and/or privacy policies?
  • What are the causes of unintentional violations and can we help developers fix them?
  • Are most privacy violations due to core application code or bundled third-party libraries?
  • How can these analysis results best be presented to help end-users make privacy decisions about the applications that they use?

The ultimate goal of this research is to build an analytics-as-a-service platform that yields realtime insights into the privacy and security behaviors of current smartphone applications.

Funding provided by NSF