Authors:
Mashael Aldayel
and
Mohammad Alhussain
Affiliation:
College of Computer & Information Sciences and King Saud University, Saudi Arabia
Keyword(s):
User Input, Sensitive, Privacy Leak, Disclosure, Data-flaw Analysis.
Related
Ontology
Subjects/Areas/Topics:
Information and Systems Security
;
Privacy Enhancing Technologies
Abstract:
While smartphones and its apps have a fundamental role in our lives, privacy is a critical issue. With the constantly growth of mobile applications, smartphones are now capable of satisfying all kinds of users’ needs, dealing with more private and restricted tasks by the users and gain more access to sensitive and private data. This issue is even worse with the current absence of methods that can notify users of possibly dangerous privacy leaks in mobile apps without disturbing users with apps’ legitimate privacy exposes. Previous mobile privacy disclosure approaches are mostly concentrated on well-defined sources controlled by smartphones. They do not cover all sensitive data associated with users’ privacy. Also, they cannot filter out legitimate privacy disclosures that are commonly found in detection results and consecutively conceal true threats. Sensitive user inputs through UI (User Interface), are the dominant type of sensitive data that has been almost ignored. Defending this
kind of information cannot be accomplished automatically using existing techniques because it necessitates understanding of user inputs' semantics in apps, before identifying its positions. Moreover, eliminating legitimate privacy disclosures necessaries tracking of the related app data flows form these users’ inputs to various sinks. Such tracking will help to determine if this privacy disclosure is valid or suspicious. To address all these important issues, we propose an enhanced approach for detecting users’ inputs privacy disclosures that are truly suspicious.
(More)