Prevention of Cross-update Privacy Leaks on Android
SCIE
SCOPUS
- Title
- Prevention of Cross-update Privacy Leaks on Android
- Authors
- CHO, BEUMJIN; LEE, SANGHO; XU, MENG; JI, SANGWOO; KIM, TAESOO; KIM, JONG
- Date Issued
- 2018-01
- Publisher
- ComSIS Consortium
- Abstract
- Updating applications is an important mechanism to enhance their availability, functionality, and security. However, without careful considerations, application updates can bring other security problems. In this paper, we consider a novel attack that exploits application updates on Android: a cross-update privacy-leak attack called COUPLE. The COUPLE attack allows an application to secretly leak sensitive data through the cross-update interaction between its old and new versions; each version only has permissions and logic for either data collection or transmission to evade detection. We implement a runtime security system, BREAKUP, that prevents cross-update sensitive data transactions by tracking permission-use histories of individual applications. Evaluation results show that BREAKUP’s time overhead is below 5%. We further show the feasibility of the COUPLE attack by analyzing the versions of 2,009 applications (28,682 APKs). © 2018, ComSIS Consortium. All rights reserved.
- URI
- https://oasis.postech.ac.kr/handle/2014.oak/41010
- DOI
- 10.2298/CSIS170728047C
- ISSN
- 1820-0214
- Article Type
- Article
- Citation
- Computer Science and Information Systems, vol. 15, no. 1, page. 111 - 137, 2018-01
- Files in This Item:
-
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.