Open Access System for Information Sharing

Login Library

 

Article
Cited 1 time in webofscience Cited 1 time in scopus
Metadata Downloads

Prevention of Cross-update Privacy Leaks on Android

Title
Prevention of Cross-update Privacy Leaks on Android
Authors
CHO, BEUMJINLEE, SANGHOXU, MENGJI, SANGWOOKIM, TAESOOKIM, JONG
Date Issued
Jan-2018
Publisher
ComSIS Consortium
Abstract
Updating applications is an important mechanism to enhance their availability, functionality, and security. However, without careful considerations, application updates can bring other security problems. In this paper, we consider a novel attack that exploits application updates on Android: a cross-update privacy-leak attack called COUPLE. The COUPLE attack allows an application to secretly leak sensitive data through the cross-update interaction between its old and new versions; each version only has permissions and logic for either data collection or transmission to evade detection. We implement a runtime security system, BREAKUP, that prevents cross-update sensitive data transactions by tracking permission-use histories of individual applications. Evaluation results show that BREAKUP’s time overhead is below 5%. We further show the feasibility of the COUPLE attack by analyzing the versions of 2,009 applications (28,682 APKs). © 2018, ComSIS Consortium. All rights reserved.
URI
http://oasis.postech.ac.kr/handle/2014.oak/41010
ISSN
1820-0214
Article Type
Article
Citation
Computer Science and Information Systems, vol. 15, no. 1, page. 111 - 137, 2018-01
Files in This Item:

qr_code

  • mendeley

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher

 KIM, JONG
Dept of Computer Science & Enginrg
Read more

Views & Downloads

Browse