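1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Xinyu WANG (1989- ), male, born in Pingliang, Gansu, is a Ph.D. candidate at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are information protection and privacy computing.
Ben NIU (1984- ), male, born in Xi'an, Shaanxi, Ph.D., is an associate research fellow at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are network security and privacy computing.
Fenghua LI (1966- ), male, born in Xishui, Hubei, Ph.D., is a research fellow and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are network and system security, information protection, and privacy computing.
Kun HE (1995- ), male, born in Anqing, Anhui, is a master's student at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are information protection and privacy computing.
Online publication date: 2019-05
Print publication date: 2019-05-25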
Xinyu WANG, Ben NIU, Fenghua LI, et al. Risk assessing and privacy-preserving scheme for privacy leakage in APP[J]. Journal on Communications, 2019, 40(5): 13-23. DOI: 10.11959/j.issn.1000-436x.2019085.
Apps on smartphones contain various third-party services, and the providers of those services illegally read users' private information. To address this problem, a privacy leakage risk assessment scheme called PRAS is proposed. First, the scheme counts the permissions that each third-party service provider obtains from different apps and, taking into account the non-linear impact of permission combinations on privacy leakage risk, builds a model to assess that risk. Then, based on the assessment results, it analyzes the balance between service quality and privacy preservation, uses an optimal model to minimize the risk of private information leakage, and gives a system-wide permission management scheme that lowers the risk of privacy leakage while maintaining service quality. Experimental results show that PRAS reduces the overall privacy leakage risk of apps by an average of 18.5%.