Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.
|Titolo:||Mitigating Privacy-Related Risks for Android Users|
TRAMONTANA, EMILIANO ALESSIO (Corresponding)
|Data di pubblicazione:||2019|
|Appare nelle tipologie:||4.1 Contributo in Atti di convegno|