Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.
Mitigating Privacy-Related Risks for Android Users
Tramontana E.
;Verga G.
2019-01-01
Abstract
Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.File | Dimensione | Formato | |
---|---|---|---|
2019wetice.pdf
solo gestori archivio
Descrizione: Articolo principale
Tipologia:
Versione Editoriale (PDF)
Licenza:
NON PUBBLICO - Accesso privato/ristretto
Dimensione
467.94 kB
Formato
Adobe PDF
|
467.94 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.