User Privacy and Data Flow Control for Android Apps: Systematic Review Study

instruction

journal homepage: www.elsevier.com

 

User Privacy and Data Flow Control for Android Apps: Systematic Review Study

ARTICLE INFO ABSTRACT
Article history:

 

Recently smartphones provide a combinations of phone network connectivity with high-speed data networking capabilities, geolocation services, broadcasting services, contact and data sharing. Mobile users often download apps on their devices to have different types of functionalities e.g. banking, learning, games, social media or other service Apps. Too often, these Apps consider data privacy less serious than users’ expectations. Many mobile applications misbehave and upload users’ data without permissions. Large number of studies have been conducted with the goal of proposing solutions to protect user’s devices. In this paper have been reviewed 86 research articles related to user privacy and data flow control for Android apps. A critical analysis of the proposed solutions has been conducted with a focus on security extensions and mechanism for android mobile platform.Furthermore, possible solutions and research directions has been discussed.
Keywords:

User Privacy

Data Flow Control

Android Apps

Mobile Application

 

 

 

  1. Introduction

 

Modern mobile technologies improve accessibility to private and sensitive data. Currently mobile devices present detailed personal contact information, list of contacts, e-mail messages, appointments, location data and much more personally identifiable information. Android OS become a  targetable technology for hackers and malicious programs(Neisse, Steri, Geneiatakis, & Nai, 2016).On May 2015, Apple app store has around 1,400,000 Apps, Amazon Appstore has 360,000 Apps, Windows phone store has 340,000, BlackBerry world has about 140,000 and Android google play has a round 1,600,000 (Jason Hong, 2017). The number of available applications in Android Market (Google store) surpassed one million applications on July 2013 and was most recently reached two million applications in last February 2016. In March 2017, the applications uploaded to Android google play was 2,800,000, comparing to apple store which consist a round 2,200,000 (Statista, 2017). Recent studies(Song, Han, Wang, Zhao, & Ranjan, 2016;Hussain et al., 2018; Talha & Alper, 2018)stated that Android platform prevail on the world of smartphone market with morethan 80 percent segment. The reason behind this can be credited to its transparent natureand open-source approach. Moreover, Android platform adopts permissions mechanism to protect the sensitive datafrom untrusted use. Android does pose few threatswhen concerned to user privacy. The permissions are approved by users at installation time. Moreover, google improved the Android versions where user can switch off the apps permission that approved at installation time. Apps could use these authorizations to access sensitive data without any type of control or restrictions latter on these apps can copy, upload and shar users’ data without user knowledge or permission. Therefore, securing such data is observed as on the most valuable and considerable discussion in terms of issues, trustees, consistencies and accuracy. Besides, users download apps, as well as use different remote and cloud services to share their data without thoughtful of the security issues that could occur during performing these operations.

Currently, the numbers of attackers and malicious software have raised rapidly (Felt et al., 2012). Privacy concerns in the Android OS are growing, many research studies and reports have been published, efforts have been carried out to detect and analyze privacy leakage either statically, dynamically or using other approaches (Zhou, Wang, Zhou, & Jiang, 2012; Nauman, Khan, & Zhang, 2010; P. Singh, Tiwari, & Singh, 2016; Fuchs, Chaudhuri, & Foster, 2010). Furthermore, privacy infiltration is an information flow security problem where users personal and confidential data leakage via different channels without the intent of its owner. Sometimes, users are willing to share their private or sensitive data with others e.g. location, photo and contacts. The confidential data will be send to a remote server in exchange for valuable services such as location-search services. Due to erroneous decisions from third party, these data can be shared with advertising companies. Also, the private data can be detected by hackers within a certain period of time which lead to information leakage and cause a huge financial damage (Y. Kim, Oh, & Kim, 2015; M. Sarrab, 2013; Martin & Shilton, 2016). In addition, Google as Android operating system provider, force application developers to get users prior permission to access and collect any users’ personal data up front. Applications gather users’ data for the sake of quickly expand people network to use the developed program. However, application developers noticed that some mobile social networks, were uploading users address books to different servers without users’ prior knowledge or permission.

Many studies focused on solutions to construct effective monitoring approaches that trace the behaviors of Android system and downloaded application. These approaches have been proposed based on Android OS (Felt et al., 2012; Understanding & Security, 2009; Qian, Cai, Xie, & Zhang, 2016; Holla & Katti, 2012). Despite many research conducted and solutions proposed, a good solution to defeat privacy leakage at runtime is still lacking. Nevertheless, many studies have proposed and discussed set of related Android applications and frameworks (Zhou et al., 2012; Chin, Felt, Greenwood, & Wagner, 2011; Blasing, Batyuk, Schmidt, Camtepe, & Albayrak, 2010; Enck et al., 2014) which proposed a mechanism to track the behaviors of the installed apps using different code analysis techniques. Besides, Google play allow developers to publish their applications with no review or any approval process. This policy has been criticized by many researchers and  has been shown to be a way for potential vulnerability to malicious requests (M. S. Bin Liu et al., 2016). Therefore, the user data can be downloaded, uploaded and shared over different mobile cloud services. The transmission of user privacy data have numerous performance related impedimentsdue to the unnecessary overhead e.g. bandwidth, storage size and battery lifetime.(Yadav & Doke, 2016).

 

Since most of the services accessed by users are from cloud and external host, it’s worth to address the security properties that must be included in different mobile platform environment. Nachenberg in 2011 has categorized mobile attacks in several categories: application-based attacks, web-based attacks, network-based attacks and physical based attacks. These attacks impact the security properties and privacy attributes e.g. confidentiality, integrity, availability, and privacy of mobile data and applications. Confidentiality is one of security attributes that is associated with securing and privately controllingthe users’ data. This sensitive data can be only authorized to those who have rights to access, to interact and to manipulate (Nachenberg, 2011). Different user tasks should not be shared with others and must be confidential while accessing the cloud services (Yadav & Doke, 2016; Xiao, Xiao, & Member, 2013; Niekerk, Solms, & Niekerk, 2013). Another security property is data integrity which is responsible to offerthe maintenance for user data during user transactions and communication e.g. transfer, receive or store data from/to the cloud servers. Moreover, any violations related to the user data should be detected e.g. data is missing, reformed, or corruptedduring the intercommunication between user mobile services and services in the cloud (Yadav & Doke, 2016; Xiao et al., 2013). Since more user data will be hosted over the cloud and get transmitted with mobile and other handheld devices, there are two challenges in data integrity according to(Xiao et al., 2013):

  • Huge user data capacity makes predictable hashing structure not viable; thus lead to losing of data.
  • Integrity checking can only be applied when there are further requirements, for instance, no integrity guarantees and distributed setting for data unless there are dynamic operations.

Availability is another crucial security factor that concern with the availability of data to be accessusing different services, data providers and real-time tools. The service provider should make sure that the tools and data used by users are a variable. However, when a certain service is not accessible or the quality of service cannot meet the users specifications, the service provide should fix out the issues and maintain possible solutions or replace the services  with perfect once (Yadav & Doke, 2016; Xiao et al., 2013). Object reusability and data remanence are sub-category of data availability. Moreover, privacy is another critical concern while using mobile devices, user sensitive data exist and shared among different distrusted data servers, which are hosted and maintained by the service providers. Therefore, there are possible hazards that the confidential data e.g., financial data, user photos, emails and other privatecontents is released to public, business competitors’, external attacker threats and data leakage.

Authorization is a mechanism in which mobile system determines what level of access apps and other people must access and transfer the data to other channels. The user with access permission can control and manage the various resources including the access to private data.(Yadav & Doke, 2016; Xiao et al., 2013).  One of danger behavior that attacks mobile system is WannaCrypt virus which has attacked many devices and computers around the world where more than 200,000 systems have been contaminatedin over 150 countries. The virus force victims to pay a ransom in order to regain access to their files or systems  (Epstein, 2017; Patterson, 2017).

 

This research reviews the studies those have been analyzed in different perspectives based on android security fields (OS, apps and users based-apps), investigates Android permissions system that mobile users grant to install Apps.  It is worth to mention that in this article, security in mobile platforms has been discussed in which users can check out what are those apps that could tech their personal data and take actions based on logs.

Therest of thispaperis organized as follows; Section 2 presents an overview of Android system. Section 3 provides the research methodology. Section 4 providesgeneral overview of private and sensitive data of mobile technology. Section 5 presents an Android OS, apps and user levels existing security tools. Section 6 discusses existing solutions in respect of analysis mechanisms. Finally, Section 7 provides the research recommendation and conclusion.

Android is an open source software stack for mobile phones, tablets, TVs, wearables and other devices.Its supported by OHA (Open Handset Alliance). Android software stack is structuredinto five main layers which is mainlyachieved by its subdivision into six components, Kernel layer, Hardware Abstraction layer, Native libraries layer, Application framework layer and Application layer. In kernel layer,Linux as a kernel open source build the overall Android system. This layer provides basic drivers, power management, network configurations, file-system management, inter-process communication and task scheduling. Above this layer, there is a hardware aspect that include the abstraction of different hardware devices e.g. camera, input, graphics etc.In addition, Native libraries layer compose of two main aspects which are Android Runtime (ART) that uses ahead of time (AOT) compilation e.g. apps compiled at the installation time to ready to run state. This improves the overall performance and Android device battery life. However, Dalvik Virtual Machine uses just on time compiler as Android apps dex file that translated to their native representation on demand. Java programming language is used for Android apps development and its shared libraries and native code are developed in C/C++ (Shweta Bhandari, Wafa BenJaballah, Vineeta Jain, Vijay Laxmi, Akka Zemmari, Manoj Singh Gaur, Mohamed Mosbah, 2017). In addition, Android developers have the right to access the application framework layer and utilize different management capability. Moreover, application layer provides a build-in platform application e.g. browser, content provider, media player etc.

This separation of layers is reflected in the whole software stack implementation. Each layer of the stack assumes thatthe layer below is secured. At the core of the Android architecture is the apps permissions-based accessibility. This mechanism by default rejects any external access to features or functionality that could negatively impact the user experience, the overall system, or other applications installed on the device, if the required permissions are not granted. Android system forces developers to declare these required permissions during the development phase. These permissions allow users and apps to gain accessto different features e.g. access to internet connections and GPS functions, personal information, system hardware and settings, and many other device features. In Android version 4, the permissions granted at install time only. However, the newest version of Android, allow user to impose the permissions at run time, but must be authorized by the user at install time. When users install a new application in android, the system prompted a set of permissions to be accepted or denied (Barrera, Oorschot, & Somayaji, 2010). The permissions approved to each application are well-defined in its required manifest file. The manifest file holds all significant values that are bound to the application at compile time and cannot be altered afterwards unless the application is recompiled e.g. name of Android app package, version of Android API, minimum and maximum Software Development Kit (SDK) that the app run on. Android permissions are classified into three security levels: Normal, Dangerous, and Signature. Normal permissions secure the API calls that may not damage the user data e.g., set wallpaper, these do not involve user approval. On the other hand, dangerous permissions let an application perform harmful actions e.g., record audio/video. Moreover, signature permissions control access to very dangerous privileges, e.g., clear user data (Felt, Wang, Moshchuk, Hanna, & Chin, 2011). Furthermore, google provide another security model for app isolation which can be realized by imposing each application to perform its functions within its own secure sandbox. This technique assigned Android as apart from other operating systems present in the market and is set up of the kernel. Therefore, an instance of an application is isolated from other applications in the memory (Mahmood et al., 2012). All apps running in the Android OS are assigneda low-privilege user ID, are only allowed to access their authentications files without any interfere with other apps. The isolation is a protection against “inter-process”security flaws, meaning that a security problem in agiven app will not interfere with the resources of other apps(Neisse et al., 2016).

 

The article provides a systematic review study of recentresearch works related touser privacy and data flow control for Android applications.This systematic review study, is based on the Kitchenham’s guidelines(B. Kitchenham, 2014) that has already been used by many other systematic review studies(Phu H.Nguyen, Max Kramer, Jacques Klein, 2015;Zlatko Stapić, Eva García López, Antonio García Cabot, Luis de Marcos Ortega, 2012; Li Li, TegawendéF. Bissyandé , Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, Le Traon, 2017). To achieve the study objectives, the methodology is divided into different steps shown in figure 1:

  • The first step is about defining the research question.
  • Then the search keywords specification.
  • Search process.
  • Elimination criteria to consider only the relevant articles.
  • Approach level classification.

 

 

 

 

 

 

 

 

 

 

 

Defining Research Question
Classification

 

 

 

 

 

 

 

 

 

Repository Search
Specification Keywords
Search Process
Elimination criteria
Digital Resources
OS

 

 

 

 

App

 

 

 

 

User

 

 

 

 

Cross Check

 

 

 

 

SRS

Report

 

 

 

 

Figure1:Systematic Review Study (SRS) Process

 


  • Research Questions

The first step is about defining the research question. The aim of this systematic review study is to address the following research questions:

  • What are the fundamental techniques and approaches used to control user privacy in Android apps? In this question, the research is focused on Android specific characteristics that should be considered to achieve privacy and data flow control in different approaches level including OS, application and user level.
  • What are the state-of-art works on user privacy and data flow control in Android apps?The answer of the research question, need to survey various issues and all approaches related to user privacy and data flow control in Android apps.
  • What challenges and open questions remain need to be addressed?With this question, the researchers investigate deeply in the issues and challenges related to data flow control and user privacy in Android apps. The researchers investigate in the remaining open research questions those do not benefit from the different research effort.
    • Search keywords specification.

Based on the research questions specified in section 3.1 the search keywords were summarized. Table 1. represents the actual selected and used keywords. The keywords ‘Android apps’, ‘user privacy’ and ‘data flow control ‘were used as the main broad search strings.

 

 

Table 1 Search keywords

No Keywords
1 User Privacy; User-Privacy;
2 Data Flow; Data-Flow; Data Flow Control; Data-Flow-Control;
3 Android; Android apps; Android-apps;
4 Mobile; Mobile apps; Mobile-apps;
5 Smartphones; Smart Phone; Smart-Phone;

 

 

The search string S is formed as a disjunction of the first two lines and conjunction of the disjunction of last three lines of the specified keywords:

S=: L1 OR L2 AND (L3 OR L4 OR L5)

Whereas, each line represents as disjunction of its selected keywords e.g. L1 =: {User Privacy OR User-Privacy}.

 

  • Search process

An electronic database literature search has been conducted using different digital resources such as Google Scholar, IEEE Xplore, Web of Science, CiteSeer, ACM Digital Library and SpringerLink.

  • Elimination criteria

Research articles were selected based on their relevance as indicated not only by the title but also by the abstract and in some cases scan and analysis of the full paper. Additionally, a manual examination of articles references was conductedto select additional articles that might be missed using by different digital resources. Generally, peer-reviewed journal articles and peer-reviewed conference papers were included. However, only the subject books, book chapters, journal articles and conference papers in which user privacy and data flow control for Android apps explicitly discussedand described were considered eligible. Other resources that dealt with data flow control and privacy issues in mobile applications in general were not considered.

  • Approach level classification

This systematic review resulted in more than 87 different type of articles. These articles were analyzed and classified according to their approach level: operatingsystem, application or user level. Only articles that considered user privacy and data flow control explicitly with the respect of different approach levels were included. Hence, general articles those provides and discusses general ideas, research proposals, ethical and legal discussions were not considered. This finally, resulted 40 Android security approaches that accounted 7 OS security tools, 27 considered application level and 6 user existing security tools.

 

  1. Existing Solutions

Different approaches, models, frameworks and ideas have been proposed for handling user privacy issues. These solutions followed various information flow approaches and numerous code analysis methods including Static Analysis, Dynamic Analysis, Execution Monitor, Program-Rewrite and Program Slicing. Before we highlightdifferent flow control approaches, there is a need to consider the differences between Information Flow Control and Date Flow Control (DFC). Information Flow Control (IFC) is  about tracking and monitoring how confidential user information is transferred, broadcasted and processed during the execution of untrusted programs or software systems in order to make sure that the method of transmission operate securely (Hedin & Sabelfeld, 2011; Bacon et al., 2014; Mohamed Sarrab & Elbasir, 2015; Moura, 2015; Singh et al., 2015). Two main related aspects for having secure information flow are: (a) information confidentiality and (b) information integrity. That is, no private information should leak over network and cloud services and no untrusted involvement from the network should leak into the database or related storage.

 

Many of mobile applications in different stores may infiltratethe private user data during the user interaction and usage of its operations. Existing mobile platforms collectuser private datafor marketing intention, diagnostics, or as part of the service they provide.Thecollected user information may be stored, shared or distributed to third parties by the app developer, used by other applications or obstructed by unauthorized users. Therefore, allowing users to use a secure tools for their mobile devices or even be aware of malware attacks is very critical (Micro, 2017). Differentanalysis techniques have been introduced to discover the malicious activities in mobile apps.The first method is static analysis which analyzes the applications without executethe code of the app. ituses the data and information flow examination or symbolic execution to determine the leakage of privacy. Static analysis examines all possible execution tracks.(Ren et al., 2016)(Sarrab & Bourdoucen, 2013)(Cao et al., 2015)(Geneiatakis et al., 2015). Furthermore, Bartel and colleagues discussed that the static analysis method is complicated for android mobile application due to three main reasons:(1) Android applications consist of different components e.g. activities, services, broadcast receivers and content providers. The communications between these components involve Intents and Intent Filters which cause a discontinuity in the control-flow of Android applications and lead to pre-processing of the code to resolve links between components. (2) The issue related to user behaviors while using touch screen action and interacting with the GUI. The management of user involvements can be controlled via handling specific callback methods/functions e.g onClick method which is called when the user clicks on a button. Hence, static analysis requires an accurate model which can stimulate users’ behavior very obviously. (3) The lifecycle mechanism of the Android components, due to that fact there is no main method in Android programming. Android system uses different components states lifecycle by calling callback methods such as onStart or onResume. Nevertheless, these lifecycle procedures are not directly connected in the code. Thus, modeling the Android application permits to connect callback methods to the rest of the code (Klein, Traon, Li, & Bartel, 2015).

 

The second type of analysis is dynamic analysis which concerned with monitoring, tracking and regulating a program execution during runtime. This type of tracing is more precise than static analysis because it requires the current execution of the program to reach appropriate code coverage; can cover language features e.g. pointers, arrays and exceptions easier than static analysis (Ren et al., 2016,Sarrab & Bourdoucen, 2013, Steven et al., 2014, Zimmeck et al., 2016). In addition to dynamic analysis, program re-write technique can be considered as one of runtime approaches. This approachfocusing on satisfying security policy during runtime, its expensive process and suffering a non-negligible overhead on the applications. The core feature of this method is rewriting instructions that interrupt by security policy at runtime. Comparing with other approaches, program-rewrite fail to detect implicit flows of information, which can be achieved by a static analyzer that considers the whole code, rather than just the executed instructions (Rocha et al., 2013). Another important runtime approach is, execution monitor approach. This technique achieved data labelling and information tracking during the execution of the program. It detects, monitors and follows different events when applications deal with the data coming/going from/to sensitive information sources e.g. device location sensor, user phone contacts, then reporting these application, data type and network destination to the user(Moura, 2015). Sarrab and Elbasir discussed another mechanism called program slicing. The technique gets involved specially in re-engineering or debugging the program and it focus on a part of a given program. There are different types of program slicing: 1) Static slicing which enhanced the static analysis by computed symbolic values without considering the program input. 2) Dynamic slicing,in thistechnique the slice is calculated for fixed input or data value. 3) Forward slicing is focused on program statements and what are those variables value affected the statements. 4) Backward slicing, this type of slicing is calculated from any point in the program to discover all statements that can affect specific variables(Sarrab & Elbasir, 2015).

 

 

 

  • Android OS existing security approaches

In operating system level,many research studies have been conducted to secure the OS, tracking the flow of information and user data privacy and discovering the malware at kernel level. The proposed approaches targeted the kernel layer, thus the researchers categorized them to be based on the Android OS. Chen and colleagues proposed aKARMA patches which is a multi-level adaptive patching model to preserve Android kernel vulnerabilities from exploits. This model can be located at multiple levels in the kernel to filter malicious user inputsavoid the vulnerabilities. KARMA’spatches are built using a high-level memory-safe language, the user inputs will be filter and check the leakage(Chen et al., 2017).Qian and associatesprovided a combination of static and dynamic security analysis models that enable the analysis of malicious behavior more comprehensively and accurately (Qian et al., 2016). In 2016, Singh and colleagues discussed the malware characterization that implemented in Android manifest file(Singh et al., 2016). Moreover, they gave the user the ability to improve the efficiency of Android permission which can inform user about the risk of Android permission and apps., Shao and associates introduced an android security solution that targetsthe inconsistent security enforcement within the Android OS. This solution provided a methodology that discover the inconsistency in security policy enforcement in Android using a proposed approachcalled Kratos.Kratos is a static analysis mechanismthat build a callgraph for checking paths that allow third-party applicationswith insufficient privileges to access sensitive data(Shao, Ott, Chen, Qian, & Mao, 2016).  However, Kratos is only a static analysis tool for systematically discovering the inconsistencies of security policies, the methodology did notdiscuss how Android application can protected resources (Su, Kywe, Li, Petal, & Grace, 2016)(Backes et al., 2016).Furthermore, Hay and partners proposed a framework called IntentDroid that dynamicallyobserves Android apps for Inter ApplicationCommunication (IAC) related integrity vulnerabilities such as customuri’s, payloads in IAC messages etc. the authors developedan aggressive settingfor eight vulnerabilitiesnamely, Cross-Site Scripting, SQL Injection, Unsafe Reflections, UI (User-Interface) Spoofing, Fragment Injection, Java Crashing, Native Memory Corruption and File Manipulation. The approach examined the android apps in three main stages: Instrumentation, Testing and Reporting. Therefore, we could consider this approachto be as well as an application security tool(Hay R, Tripp O, 2015). However, IntentDroid test only android activity as a component for IAC vulnerabilities and ignore the other android component. Also, IntentDroid does not considermulti-app attack(Bhandari, Ben, Jain, & Laxmi, 2017).

In 2012, Felt and colleagues studied whether the Android permission structure is operative at warning users. They evaluated whetherAndroid users pay attention to app permissions during installation time, understand these permissions, and act on permission information(Felt et al., 2012). Theydid two usability studies to validate the user’s response in terms of Android permission system: An Internet survey of 308 Android users, and laboratory observation study have been done for 25 Android users. They concludedthat Android permission warnings system do not satisfythe user’s requirements. Holla and Katti discussed the application development of Android mobile platform and provided an important layered approach that could be used to secure information in Android OS. This app developed by (Bläsing et al., 2010) and can achieve both static and dynamic investigation on android programs to automatically reveal suspiciousin applications.(Holla & Katti, 2012). On the other hand, AASandbox generates low detection accuracy because it’s very varied(Mohini, Kumar, & Nitesh, 2013)(Lin, Lai, Chen, & Tsai, 2013).Furthermore, Cao and colleagues implemented static analyzer called EDGEMINER, which explore statically the entire Android OSto automatically produce API summaries. This APIs address the issue of implicit flow control transitions including the well-defined callbacks in the Android framework. Also, the tool performs inter-procedural backward data flow investigation to extract a list of Android OS registration-callback(Cao et al., 2015).

To conclude this section, most of these mechanisms are based on analysis of permissions granted to apps and only discussed the tracing of information flow based on Android OS level. This type of analysis is not sufficient for detecting all levels of malware, because it can detect collusion attacks in OS level without enabling the user to control the permissions or modifying the privacy access.

 

  • Android Application existing security approaches

In the apps approaches context, Enck and colleagues introduced TaintDroid approachthat used to monitor the flow of user’s private data that have been developed/downloaded from third-party stores (Enck et al., 2014). This approach uses dynamic analysisto track the flow of private and sensitive data through third-party applications. Moreover, TaintDroid monitors as the real-time mechanism to detect the flow in how these applications access and operate users’ personal data. In 2014, Gurkok and Wei developed Android app called ProfileDroid, this tool takes care of a multi-layer monitoring and profiling apps. This approach profiles the apps at four main layers: (a) static, or app specification, (b) user interaction, (c) operating system, and (d) network. Figure 2 illustrated the architecture of ProfileDroid (X. Wei & Gurkok, 2014).

 

Figure 2:Architecture of ProfileDroid (X. Wei & Gurkok, 2014)

 

 

 

 

 

 

 

 

However, its main obstacle is that it does not offer any profiling results about consumed time. Due to the usageof different profiling tools at different layers, the tool suffer from overhead(Lin, Ho, Lai, Du, & Chang, 2013).Lortz and associates developed a Cassandra app checker tool. The developed tool permits users of mobile devices to check whether Android apps observe their personal privacy requirements before installing these apps. Moreover, Cassandra allow user to define security policies, verify that apps follow these policies before installation and also it performs the security analysis of apps on a server. However, Cassandra covers around 211 out of 218 Dalvik instructions, also it does not  support exception handling and synchronization methods (Lortz et al., 2014). In addition, Wei and colleagues developeda static security analysis frameworkcalled Amandroid. Amandroid monitorsdata flow of an app across various components. Also, it computes the information flow in a different ways including the usage of an environment method for individual component that calls the relevant callbacks(F. Wei, Roy, & Ou, 2014).

However, this frameworkhas less performance ability to handle exceptions including handling the concurrency and reflections issue(Bhandari et al., 2017). Moreover, Oluwafemi and partnersproposed a AppFork which allows users to isolate and secures two different entities on the single phone single e.g. work and active personal profiles (Oluwafemi & Riva, 2014). The researchers address data leakage channels by developing ChannelCheck tool that uses static and dynamic analysis to automatically detect the leakage of channels. The tool has been tested through the analysis of over 14,000 Android apps. AppFork still realizes the security of virtualization-based methods, but with a smaller overhead (Oluwafemi & Riva, 2014)(Oluwafemi, 2015). In the same year, Arzt and associates presented a FlowDroid tool which perform a static taint analysis for Android applications. FlowDroid analyzes the apps’ bytecode and configuration files to check out the potential privacy leaks which caused by carelessness or produced by malicious(Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden & Jacques Klein, Yves Le Traon, Damien Octeau, 2014).

In 2014 Steven and his partnerdeveloped tool as the first static taint-analysis system which maintain fully context, flow, field and object-sensitive of complete Android lifecycle.Itexamined the correct handling of callbacks and user defined UI widgets within the installed apps. Similar to FlowDroid, IccTA which proposed by Bartel and colleagues (Klein et al., 2015) use a static analysis mechanism to detect privacy leaks between different components in Android applications. Moreover, Kim and partners developed a static analyzer tool called SCANDAL. Their developed tool detects privacy leaks in Android applications and determines the flow of data from source of information till reach its target channel. SCANDAL covers limited privacy information include location, phone, SMS and Eavesdropping (Kim et al., 2012).

IccTA supports inter-component detection and improves the precision of the analysis. In addition, Zhang and colleagues presented a dynamic analysis platform called VetDroid for remolding sensitive behaviors in Android apps from a novel permission use perspective (Zhang et al., 2014). This systematic approachused to efficientlystructure permission use behaviors, e.g. how applications use permissions to access privacy system resources, and how the application further utilizes these attained permission-sensitive resources. VetDroid can suggestedto be used in finding more information leaks than TaintDroid proposed by (Enck et al., 2014). Besides, PermissionFlow proposed by Sbirlea and associatesaims to provide an automatic detection of inter-application permission infiltration in android applications. They developed a static analysis approach that detected unauthorized access to privacyinformation through capturing the flow of permissions. The approach focused on three types of attacks e.g. permission collusion, confuseddeputy and Intent spoofing by (Sbirlea D, Burke MG, Guarnieri S, Pistoia M, 2013).

In contrast, PermissionFlow does not detect the native code permissions. Also, the tool suffers from redundant checking of permissions and data dependent which cause to erroneous during the detection process. Finally, this approaches use implicit intents only which lead to negatives results for the apps that use the communication between other Android components(Bhandari et al., 2017).Zhou and associates presented systematic approach for detection of malicious applications that published on popular Android markets e.g. google play store. They developed a tool named DroidRanger which used to implement two main schemes, a permission based behavioral foot printing scheme and a heuristics-based filtering scheme (Zhou et al., 2012).The tool focused on system calls used by existing Android kernel or made with the OS privilege.Therefore, these two heuristics are not sufficient to detect the all malware in android markets, its only limited to detect variants of common malware types or uncommon malware that dynamically load untrusted code. Also, DroidRanger performs offline investigation to detect malware in Android Markets, thus no runtime detection of apps malware (Lee, Kim, Park, & Cho, 2016).In 2012, Schreckling and colleagues introduced Constroid which is a data-centric security policy management framework for Android. Constroid provides a partial enforcement of fine-grained and allow users to control the access of policies in Android. This tool modified the ContentProvier and Intercomponent Communication Channel (ICC)(Schreckling et al., 2012). However, Constroid defined the security policies for each Android components, instead of specifying permissions for each app.

Furthermore, these policies specified by the user, not by the developer. Though, this approach can easily confuse users as they are held responsible of requiring security and privacy policies (Xu et al., 2016; Suarez et al., 2013). In 2011, ComDroid developed by Chin  as a detection tool that observe the application communication vulnerabilities (Chin et al., 2011). ComDroid can be used by developers to investigate their own applications before its final release. Nevertheless, ComDroid detected Android Intent control flow across functions, and did not distinguish between paths that used control flow statements.Also, it does not track the privilege across pending Intents and Intents that performs URI read/write permissions. In 2011,Gilbert and associates proposed AppInspector which is an automated security validation tool that used to analyzes apps and generates reports of potential security and privacy violations. Besides, they proposed a dynamic method that tracks an app’s use of sensitive information and checks for suspicious behavior such as excessive resource consumption or deleting user data(Gilbert et al., 2011). Figure 3 illustrates the main components of AppInspector.However, the tool has less scalability of the with app base which lead to increase themalicious apps in the market. The tool perform a single party to achieve the entire process in android app e.g. tracinghigh privacy information flow, detecting security and privacyhazards, and reporting potential risks of information misuse(Fung, B. R. C., & Vu, 2015).

 

Figure 3: AppInspector architecture (Gilbert et al., 2011).

 

 

 

 

 

 

 

Hornyack and his partners developed a security tool called AppFence. This tool modified the Android operating system to execute privacy controls on existing Android applications. AppFence allow users to keep tracking the private information and data that transfer from their device through a third-party application. Once privacy leakage is detected, AppFence allow users to either replace private data with shadow data to avoid privacy misuse, or blocks the transmission of on-device only data over the network (Hornyack & Schechter, 2011, Xu et al., 2016). However, AppFence has numerous limitations: 1) AppFence suffers significant performance overhead; thus, due to the taint tracking on every single Dalvik bytecode execution. 2) AppFence required firmware modification, therefore, deploying the tool on multiple Android devices can be challenging (Zhang et al., 2012). 3) AppFence’s has some of  blocking feature e.g. does not detect information leaked through control flow operations (Hornyack & Schechter, 2011).

In 2013 Sarrab and Bourdoucen introduced new approach which provided a dynamic and operational information security solution (Sarrab & Bourdoucen, 2013). They discussed the problem of monitoring and controlling the flow of user private information during the installation and execution of untrusted mobile applications. This approach support the interaction between user and the security process where users can manage their applications security without defining intricate security policies before running the mobile application. (M. Sarrab, 2013).  The framework involvestwo major stages, loading and instrumentation of class-les of the intended application and running of the target program and tracing the flow of information based on the information flow policy. However, this study does not discuss the procedures of involving users in monitoring process, the approach does not enable the application user to decide which policies that should take place when the information start sharing with cloud. Moreover, there is no grant to user about the flow of these information and personal data (M. Sarrab, 2013). In 2010, Nauman and colleagues developed an Apex framework which introduced a policy enforcement mechanism for android that allows user to selectively grant permissions to applications as well as enforce constraints on the usage of resources. However, Apex limited to some of available permissions (Zhou, Zhang, Jiang, & Freeh, 2011).

Beresford and colleagues proposed Android modified version called MockDroid (Nauman, 2010). This framework used by users to ‘mock’ applications’ resources access. Mocking refers to resources that are reported as unavailable or empty whenever an App requests access. MockDroid offers an extended permission technique where the resources access is not blocked, but results in an empty, unavailable, or dummy data. Most of the previous studies do not give the control of the apps in the user hand, however all these tools installed in the user device to detect or monitor the flow of the other app data or detect the permissions used in these apps. Moreover, Schuster and Tromer  build a system named DroidDisintegrator (Schuster & Tromer, 2016), which tracking of inter-component information flow and tracing of componentresource use in apps. Also, it validates the feasibility of component-level of information flow control (IFC) while controlling the app behavior (Xu et al., 2016; Suarez et al.,2013; Gilbert et al., 2011; Hornyack & Schechter, 2011). DroidDisintegrator uses dynamic examination to produce IFC policies for Android apps. This framework offer repacking the app which embed the procedures and enforcing these policies at runtime.However, the tool uses only dynamic analysis while the tracing of the internal logic of sensitive behaviors should take place. Hence, the static analysisis needed as well to perform better tracking for information, decrease falsely-reported flows and detect decomposable flows. Moreover, in Android Version 6 (Marshmallow), some app permissions are granted at runtime and on-demand.  It does not involve user in controlling these kinds of permissions. Thus, the tool can be extended to cover the components process such a dynamic security label model, where hazardous information flows are reported at runtime and agreed from the user side.

In 2009, Fuchs and colleagues present SCANDROID that achieve incremental checking of Android applications, extracts security specifications from applications manifests and checks whether data flows through those applications are consistent with its permissions(Kim et al., 2012). This tool is limited because it cannot analyze the full packaged Android applications and it does not yet applied for real-world applications. Moreover, Ren and colleaguedescribed a cross-platform technique called ReCon which exposes personally identifiable information (PII) leaks over the network and give information to users, allow them to control these data without requiring any special privileges or custom OS. This approach uses network flow to detect and extract PII leaks.  The system extracts user location as sample and enables users to control their information about privacy leaks from network, provide feedback about appropriate leaks and they can as well change the information sent to third parties(Ren et al., 2016).In 2016, Wong and Lie introduced a dynamic analysis tool that generate inputsfor the Dynamic Analysis of Android Malware.IntelliDroid can produce a small setof inputs that allow dynamic analysis to decide when there ismalicious in Android applications.This approachmonitors the execution of an Android application, extracts targeted APIs and successively leads to more efficient and effective dynamic analysis. Additionally, IntelliDroid perform six main steps starting from specifying target APIs, then categorizing paths to target APIs, after that extracting call path constraints,next mining event chains, then determining run-time constraints and finally Input-injection to trigger call paths(Wong & Lie, 2016).Moreover, DroidAuditor have been proposed as an application behavior analysis toolkit which targeting application-layer privilege escalation attacks. It adopts Android Security Modules (ASM) access control architecture to detectthe application behavior at all layers of the Android operating system, produces the result of observations in a behavior graph and generates an interactive visualization.  The DroidAuditor architecture used dynamic program analysis technique to monitorthe app behavior in instrumented Android environments(Heuser, S., Negro, M., Pendyala, P. K., & Sadeghi, 2016).On the other hand, IntelliDroiddoes not operatewith Implicit Intents, Content Providersand Native CodeExecution. Also, IntelliDroid partially handles reflection as it cannot recognizethe path constraints after the reflected call. In the security said, the tool is not capable of generating inputs for encryptedand hashed functions(Bhandari et al., 2017).Furthermore,MR-Droid developed by(F. Liu et al., 2017)to detect inter-appcommunication threats and solved the problems of accurate and scalable of ICC.It proposes a MapReduce based framework to scale up compositional app analysis including: intent hijacking, intent spoofing and collusion(F. Liu et al., 2017). Nevertheless, the approach suffers from some limitations e.g. it can operate intent based ICC communicationsonly where the security risks can be handle by otherinter-app channels like content providers, shared preferenceslocation-based etc.(Bhandari et al., 2017). In 2018, Rashidi and colleagues proposed Android permission control framework based on crowdsourcing named DroidNet. At its core, DroidNet allow users to run new apps under two different modes probation mode or trusted mode. It offers recommendations for users on whether to accept or reject the permission requests based on decisions from peer expert users.  The tool provided a recommendation system which serves the goal of helping users perform low-risk resource accessing control on untrusted apps to protect their privacy and potentially improve efficiency of resource usages (Rashidi et al., 2018).The framework does not allow users to modify any privacy policies or even set them, it depend on the data decision gathering from expert user.


  • User level existing security tools

In 2013, Yang and colleagues presented a new analysis AppIntent framework. AppIntent provide a sequence of graphical user interfaceoperationsthat like the sequence of events that lead to the data transmission, thus helping thespecialists to control if the data communication is user intended or not.  AppIntent has two main limitation, firstly the tool does not support native codes. As well as, since the Android InstrumentationTestRunner method does not support instrumentation of network input, the tool cannot simulate network inputs generated by symbolic execution (Yang et al., 2013). Kathryn and partner implemented a new Android security approach called COMBdroid (Covert Malware Blocker) (Cotterell et al., 2015). This approachdiscourses Android security concerns by enforcing fine-grained and allow users to define policies, maintain a list of trusted and untrusted behaviors e.g. SMS initiation, phone calls, and URL calls.COMBdroid adjusts an application before installation instead of modifying Android OS and permitting it to override security vulnerabilities at runtime. The design process of their approachconsists of two main parts: first part is creating an instrumentation tool which is response to manipulate the APK files and insert them to interrupt the application’s behavior during runtime. The second part is COMBdroid Runtime flow where the files which will be inserted into the disassembled APK, then start catching and handling undesired practices calls at runtime. In the other hand, the tool includes only three policies which make the tool capability restricted. There are many threats should be considering during the overall security checking. Also, COMBdroid works on application level only in which a user preference list will only be recalled within the scope of that application.

Conti and colleagues presented a systemic tool called CRePE (Fuchs et al., 2009). Their approach permits context-related strategies to be well-defined either by the end users or apps market owners. Context-related policies are security policies that require the responsiveness of the context of the phone which can be defined using different status e.g. location, time, temperature, noise, and light. Based on the authorization, third parties can list out a policy on a smartphone at any time or just when the phone is within a particular context, e.g. within a building, or a plane. Furthermore, the system provides a component named UserInteractor which permits users to interact with CRePE to manage the contexts. Similarly, the user can explicitly activate and deactivate a context. On the other hand, CRePE only checks the context of the active policies, nevertheless other permissions and policies should be considered as well. However, each access of different resources will be checked only if the user authenticated to use UserInteractor. Furthermore, Schreckling and colleaguesin 2013 introduced Kynoid which is a real-time observation and enforcement framework for Android. This system allows users to list out security policies and well-defined for data-items. Besides, Kynoid allows users to state temporal, spatial, and destination constraints which have to hold for single items. They considered Kynoid to be the first tool for Android handheld system which enables the sharing of resources while users can defend the data-items stored in these resources using well-defined security policies(Schreckling et al., 2013).

In addition, this tool is the enhanced version of TaintDroid that proposed by (Enck et al., 2014), where  users can dynamically specify the security constraints for each data item including the destinations  that data can be shared with and confine that destinations only. Moreover, Kynoid framework consist of numerous components e.g. Content managers and content resolvers which considered as trusted data sources that can be accessed by users. So, whatever resources accessed from content provider will be passing to policy manager which refer to the list of security rulerelated with the requested data items. Then, the policy manager will interact with the Dalvik VM component and registers this policy reference with a unique identifier. Figure 4 demonstrations the main parts of Kynoid framework. However, Kynoid does not consider the actions that should be perform when these policies are hacked? Kynoid may allow users to list out set of actions that can be taken when these security constraints are hacked instead of picking one of respective actions that defined in the tool itself.

 

Figure 4:Kynoid Architecture(Schreckling et al., 2013).

 

 

 

 

 

 

 

Furthermore, Zhao and Osorio in 2012 developed TrustDroidTM as android security tool. This tool works as a static analyzer that tracking the app communication and prevent leakage of sensitive information in user mobile phone.(Zhao & Osorio, 2012).  TrustDroidTM analyzed the compiled Android application raw Dex e.g. APK file. Then, the tool determines the leakage of sensitive information and notify the user about this issue. In addition, the TrustDroidTM consist of four main elements, a source/sink description, a file scanner, a label management system, and the interface between these resources. However, the tool has some limitation issues including, the tacking of tainted data that should be written to a file otherwise, the process of monitoring will not be done. Also, the tool start detecting and tacking the app while they are loading, means no monitoring for apps during the installation and even during the usage. The system has only the static analysis of sensitive information, and no use of dynamic monitoring due to the difficulty of detecting and exploring Java interface which is encrypted.

In 2016, Liu and colleagues proposed a methodology that allow users to configure the installed application permission. The procedure of this process is learning the privacy profiles for permission sceneries and influence of these profiles in a personalized privacy information of user. The Privacy Profiles and Preference Modeling (PPA) enable users to list out a set of privacy-related questions to figure privacy profiles with machine learning and assist users review their permissions settings after profile them to guarantee that profile-based settings match users’ real preferences. With a set of questions provided by PPA, the users can get numerous recommends for permission settings. The user has the option to accept or change these recommendations. However, the PPA limited to generate a user specific profile thus, do not reflect each application’s access to private data on a case by-case basis(Wijesekera, Baokar, Tsai, & Reardon, 2017).Figure 5 shows the process behind the PPA.

 

 

Figure 5: Profile assignment dialog provided by PPA: After answering questions (left) PPA will send a list of personalized suggestions(right). Users can analysis and modify the recommended deny settings (Wijesekera et al., 2017).

 

 

 

 

 

 

 

 

 

Moreover, Neisse and colleagues proposed framework that enforces fine-grained security privacy policies and enables users to manage access of applications to sensitive elements as well as allow them to  modify their security restrictions dynamically at runtime without the need to recompile or to reinstall the apps(Neisse et al., 2016). The approach improves user management on the privacy, confidentiality and security of their sensitive data and information by providing instrumentation techniques and contains a refinement phase where high-level resource-centric policies defined by users. On the other hand, the framework does not have a clear setting to users in terms of the information flow path which may lead to privacy violation(Omoronyia, 2017). Furthermore, Zhang and Yin in 2014 used rewriting approach to monitor the user personal information. This model selected version Android app and insert instrumentation code into the selected app to keep tracing of isolated information and detect leakage at runtime. Also, the authors implemented a prototype named Capper and they evaluated its efficacy on confining privacy-breaching apps. This bytecode rewriting approach applied a mechanism to enforce user prioritize confidentiality policy on legitimate Android apps. The tool will block confidentiality leakage in current Android malware apps, except a dedicated unsafe app can still find methods to avoid the tool confinement.

 

  1. Discussion

Existing solutions have used different flow control approaches to address privacy in mobile systems. However, they are limited because they do not give the user the priority to modify the privacy access, change the mobile permission of each app dynamically and the deployment model that facilitates large-scale adoption to ensure broad impact. At first glance, addressing all these limitations seems to impose a high barrier to success, due to the difficulty to address security issue that may occurs during the interaction between user and different cloud services. Moreover, evaluation approach that combines static and dynamic analysis to assess any given application may have low speed especially with static analysis as well as other different mentioned issues. User can be offered, the control of the application permissions, where they can change and modify the permission rules. Tables 2, 3 and 4 shows Android OS, application and user level existing security tools.


 

 

Table 2

Android OS existing security approaches

No Year Approach Mechanism Limitations
1 2012 Android Based Mobile Application Development and its Security Static and Dynamic Clearify how an application is signed for trust relationships and how an application permissions are explicitly defined.
2 2015 EdgeMiner: Automatically Observing Implicit Control Flow Transitions through the Android Approach Static Focusses only on API summaries that describe transitions of implicit control flow
3 2016 Malicious behavior analysis for android applications Static and Dynamic Consider more sensitive APIs and provide Android market real App for fans to use. An integratoin of others malware detection technique, e.g. dynamic taint analysis
4 2016 Investigation of Malicious Behavior of Android Apps Static and Dynamic Monitoring Android sensitive API and explore the apps vulnerability.
5 2016 Kratos: Determining Inconsistent Security Policy Enforcement in the Android Framework. Static Only static analysis tool for systematic tracing inconsistencies in security enforcement.

Did not make the effort to classify protected compoentes in Android’s application framework.

6 2016 Kratos: Determining Inconsistent Security Policy Enforcement in the Android Framework. Static Only static analysis tool for systematic tracing inconsistencies in security enforcement.

Did not make the effort to classify protected compoentes in Android’s application framework.

7 2017 KARMA: A multi-level adaptive patching model to protect kernel vulnerabilities from exploits Dynamic

 

Fouce on proctuing the Android kernal using specific executing patches using Lua engine which lead to negative impacts on the performance. Moreover, apporach does not address the kernelupdate problem.

 

 

As described, Android operating system security approachesin Table 2 use a combination mechanism for both static and dynamic security analysis model.Most of these Android operating system security approaches are based on analysis of apps granted permissions and focused only on tracking the flow of the information based on Android operating system level. Using this analysis type is not sufficient to detect all levels of malwares, as it can detect collusion attacks in operating system level without user control. In other perspective, it’s not guarantee that data and information cannot be shared via cloud channels or even with other legitimate apps that sometimes gather an excessive amount of user’s personal information.

 

 

 


Table 3

Android Application existing security approaches

No Year Approach Mechanism Limitations
1 2006 EDGEMINER: explore statically the entire Android framework to automatically produce API summaries Static Detection of collusion attacks in OS level without considering the user control
2 2009 SCANDROID: extracts security specifications from applications manifests. Dynamic Cannot analyze the full packaged Android applications
3 2010

 

 

 

Apex:   extending framework for android permission model and enforcement with user-defined runtime constraints.

 

Dynamic Limited to some of available permissions.
4 2010 MockDroid: extended permission technique where the resources access can be controlled by users. Dynamic Not available for end-user.
5 2011 AppInspector: an automated security validation tool that used to examines apps and generates reports of potential security and confidentiality violations  

Dynamic

Less scalability of the with app base. A single party to achieve the entire process in android app e.g. tracing high privecy information flow, detecting security and privacy risks, and reporting potential hazards of information misuse.
6 2011 ComDroid: A detection tool used by developers to monitor their application communication vulnerabilities before the app release to app market. Static ComDroid detected android Intent control flow across functions, and did not distinguish between paths that used control flow statements. Does not track the privilege across pending Intents and Intents that performs URI read/write permissions.
7 2011 AppFence: keep tracking the private information and data that transfer from their device through a third-party application. Dynamic significant performance overhead. Required firmware modification. Does not track information leaked through control flow operations.
8 2012 DroidRanger: systematic approach for detection of malicious applications using permission based interactive foot printing scheme and a heuristics-based filtering structure. Dynamic Limited to detect variants of common malware types or uncommon malware that dynamically load untrusted code, through the implementation and evalution of only two heuristics. DroidRanger performs offline analysis to detect malware in Android Markets, thus no runtime detection of apps malware.
9 2012 AASandbox: layered approach to secure private information in Android OS. Static and Dynamic AASandbox generates low detection accuracy
10 2012 Constroid: a data-centric security rule management schema for Android Static Confuse users as they are thoughtthat responsiblility of specifying security pocilicy and privacy rules depen on them.
11 2013 PermissionFlow: Automatic detection of inter-application permission leaks in Android applications. Static Does not support the security detection for native code permissions.

Redundant checking of permissions and data dependent which lead to erroneous detection. Use of implicit intents only which lead to   negatives result for the apps that use the communication between other android components.

12 2013 A dynamic and operational information security solution. Dynamic Does not support the procedures of involving users in monitoring process. No user involvement in deciding which policies that should take place when the information start sharing with cloud.

No grant to users about the flow of these information and personal data.

13 2014 FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware staticexamination for Android apps . Static Misses a different private and sensitive data leaks from benign off-the-shelf Android applications
14 2014 Amandroid: A Precise and General Inter-component Data Flow Analysis Approcah for Security Selection of Android Apps. Static Limited ability to handle exceptions including the handle concurrency and reflections issue.
15 2014 TaintDroid: Evaluate the flow of user’s private data that goes through the third-party stores. Dynamic Traces only explicit data flows, in which a bytecode directly transmit information from its source objects to its destination objects. Moreover, it cannot detected malware in apps that have their own libraries.
16 2014 AppFork: Data leakage tool that isolates and secures partitions belonging to work and personal profiles. Static and Dynamic Cannot run different versions of an app under different profiles.
17 2014 VetDroid: remolding sensitive behaviors in Android apps from a novel permission use perspective. Dynamic Needs a quite intrusive change in Dalvik VM, Binder and Linux kernel in Android system  that restrict the simplicity to port to different Android system versions. It inherited the drawbacks of TaintDroid as it built on top on it.
18 2014 ProfileDroid: of a multi-layer monitoring and profiling app. Static High overhead. No details about operations consumed time
19 2014 Cassandra: Information-Flow Analysis Static and Dynamic Does not support exception handling and synchronization methods
20 2015 IccTA: Detect privacy leaks between different android components. it is for a sound and precise detection of intro- components communication links and leakages. Static Cannot detect leak through multi-threading. Can miss leaks through native calls that their rules model incorrectly.
21 2015 SCANDAL: detects privacy leaks in Android applications and determines the flow of data from source of information till reach its target channel. Static Does not support reflection-related APIs. Does not support the Java Native Interface(JNI) which defines a way to interact with native code. Detect only three main apis including: Location Information, Phone Identifiers and Eavesdropping (track both audio and video).
22 2015 IntentDroid: Dynamic Recognition of Inter-application Communication Vulnerabilities in Android Dynmaic IntentDroid does not support the detection of other android components e.g. Services, Broadcast Receivers and Content.

IntentDroid does not grant multi-app attack.

23 2016 IntelliDroid: A Targeted Input tool for the Dynamic Investigation of Android Malware. Dynamic IntelliDroid does not operate with implicit Intents, Content Providers and native code executuion. IntelliDroid partially handles reflection as it cannot recognize the path constraints after the reflected call. The tool is not capable of generating inputs for encrypted and hashed functions.
24 2016 DroidDisintegrator: tracking of inter-component information flow and observing of resources use in apps Dynamic Performed only dynamic analysis while the tracing of the internal logic of sensitive behaviors should take place.
25 2016 ReCon: A cross-platform technique that exposes personally identifiable information (PII) leaks over the network. Dynamic Require network connection to detect and extract PII leaks.
26 2017 MR-Droid: a scalable and prioritized static analysis tool of interapp communication risks Static Cannot handle other inter-app channels like content providers, shared preferences. Its focus only on intent based ICC communications.
27 2018 DroidNet:An Android permission control framework based on crowdsourcing. Static No user control over the policies have been recommend.

 

 

As illustrated, Android application security approachesin Table 3 use static, dynamic or a combination of both mechanisms to trace and control the flow of the information and user privacy. Most of the presented approachesuse dynamic mechanism to trace the flow of private data via third-party applications. In many above approaches,they donot provide any evaluation details regarding theexecution timeof the overall apps process. Moreover, they do not support exception handling and synchronization methodsand suffering from significant performance overhead. Some of the provided tools use static analysis to control the flow of private data. These tools suffer from many drawbacks e.g. they cannot detect native code permissions, issues on redundant checking of permissions and data dependent. Moreover, in static analysis tools any modification in the sources requires the whole analysis process to be redone again.  However, all of these tools whether they use static, dynamic of combination of both do not involveend users in the security analysis process. These tools do not enable user to decide which policies that should take place when the information start sharing with cloud.


Table 4

User level existing security approaches

No Year Approach Mechanism Limitations
1 2009 CRePE: interrupt critical API calls and filter against predefined policies. Dynamic Checks only the context of the active policies.
2 2012 TrustDroid:  tracking the app communication and prevent leakage of sensitive information. Static Tacking of tainted data that should be written to a file. Detecting and tacking the app while they are loading, means no monitoring for apps during the installation and even during the usage.
3 2013 AppIntent: Analyzing critical data transmission in android for privacy leakage recognition. Dynamic Does not support native codes.  Does not support instrumentation of network input.
4 2015 COMBdroid: Discourses Android security concerns by enforcing fine-grained and allow users to define policies, maintain a list of trusted and untrusted behaviors. Dynamic Users preference list recalled within the scope of one application.
5 2016 Privacy Profiles and Preference Modeling (PPA): methodology to allow users to configure the installed application permission. Static Limited to generate a user specific profile.

Do not reflect each application’s access to private data on a case by-case basis.

6 2016 Framework that enforces fine-grained security privacy policies and enables users to control access of applications to sensitive. Dynamic Unclear to users the information-flow path that may lead to privacy violation.

 

 

As provided, in Table 4 user level security approachesuse static or dynamic analysis to control the flow of the information and user privacy. Most of the discussed approachesdo not support native codes and do not focus on the actions that need to be performed when flow policies hacked. Moreover, some of these tools start their detectionprocess during app loading time, thus no app monitoring during installation time or usage. Particularly, in these approaches, the user has no control over sensitive or private data, in such way that the user can change or modify the way that data processed or manipulated.

 

From the previous tools and frameworks, it can be observed that most approaches try to be convenient with securing mobile devices by producing and implementing the proposed prototypesthat monitor installed apps behaviors in users’ devices, without considering howusers can be involved to control these apps. Furthermore, these tools do not investigatethe app after installation time and while the user is using it.Some of the proposed tools detected the malware statically, thus, no real-time usage and it may affect the accuracy of tracking the user data. Moreover, no such approach that provide a clear setting for users to allow themto manage the device resources with certain permissions. Most of permissions control done in apps development stage by the android developers.Therefore, this research provides a set of recommendations to develop a framework that offers users of the apps the priority to change the apps behaviors once it starts accessing the user data. The permissions that provided by apps can be modified by the user based on the user privacy, as well as the user can lock or even prevent them to access any privacy data. In addition, researchers recommend that enables user to control mobile application actions based on configurable privacy and data flow policy during runtime. The framework should consider any behaviors done by installed apps and notify the user about the intent of the app behavior, thus help user to detect which app access private data or any other information. To ensure that users know what they are doing? They should explicitly approve any data access or manipulation rather than leaving it to the platforms.

Assume the following scenario, that DS1, DS2, DS3 are data sources those will be processed using mobile app. The monitoring mechanism that regulates and controls the flow of processed data during mobile app runtime has user privacy policy stated that DS2 (Data source 2) must not flow to DT1 (Data Target 2) as shown in Figure 6.

 

Figure 6:The flow of Apps while accessing the user information.

.

 

 

 

 

 

 

 

 

 

 

Then possible data flow scenarios are:

  • Data source (DS2) flowed to data target (DT2 or DT3) allowed based on policy rules.
  • Data source (DS2) flowed to data target (DT1) denied according to policy.
  • Data source (DS1 and DS2) processed in parallel and DS2 copied to DS1 then DS1 flow to DT1 denied as stated in the policy.
  1. Conclusion

Mobile devices store personal information e.g. user location, accounts details and sensitive data, thus privacy and security of user device is the major concern. Android as open source OS secures apps by sandboxing app execution and enforce the apps develops to maintain a set of provided permissions (B. Kitchenham, 2014)(B. Kitchenham, 2014). Different studies have been conducted to provide solutions that protect user’s devices.Most of these proposed approaches can monitor the behaviors of installed apps but not permit the user to control or prevent any unsecure behavior. Thus, this article discussed exciting approaches designedto provide tools and frameworks that track the actions of installed apps. To summarize the state-of-the-art of user privacy and data flow control in Android apps this article systematically reviews published approaches. In this systematic review process, 87 articles were collected. The article related to general concepts, proposals, ethical and legal discussions were not considered. The review process resulted in total of 40 Android security tools that arecategorized into 7 OS level, 27 apps level and 6 user level security tools. We have found that, there is no such mechanism that allow users to control mobile application behavior based on configurable privacy and data flow policy during runtime. Finally, these significant features of framework can help users to determine the behaviors of any installed apps andrespond to actions in order to secure the personal data. In spite of the huge potential and many benefits that could be gained from such research, there are still many challenges and issues need to be addressed mainly:

  • Data flow control,
  • Design suitable user interface,
  • Dynamic user privacy and data flow control policy,
  • Novel lightweight privacy algorithms in mobile technology side,
  • User ability to modify the flow policy during runtime in response to incidents, and
  • Modify application behavior that attempt to leak private data according to user decision.

To the best of our knowledge, mobile Android community is in great need of a solution that maintain the user controlling of permissions list, modifying them, monitor the data transmission and change an App behavior based on configurable privacy and data flow policy.

 

 

 

 

 

 

 

References:

  1. Kitchenham. (2014). Procedures for performing systematic reviews.

Backes, M., Planck, M., Systems, S., Bugiel, S., Derr, E., Mcdaniel, P., … Weisgerber, S. (2016). On Demystifying the Android Application Framework : Re-Visiting Android Permission Specification Analysis This paper is included in the Proceedings of the On Demystifying the Android Application Framework : In USENIX Security Symposium (pp. 1101–1118). Austin,TX.

Bacon, J., Eyers, D., Pasquier, T. F. J., Singh, J., Papagiannis, I., & Pietzuch, P. (2014). Information Flow Control for Secure Cloud Computing. EEE Transactions on Network and Service Management, 11(1), 76–89.

Barrera, D., Oorschot, P. C. Van, & Somayaji, A. (2010). A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android. Security, (1), 73–84. http://doi.org/10.1145/1866307.1866317

Bhandari, S., Ben, W., Jain, V., & Laxmi, V. (2017). Android inter-app communication threats and detection techniques. Computers & Security, 70, 392–421. http://doi.org/10.1016/j.cose.2017.07.002

Bin Liu, M. S., Schaub, F., Almuhimedi, H., Zhang, S. (Aerin), Sadeh, N., Agarwal, Y., & Acquisti, A. (2016). Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions. In In Symposium on Usable Privacy and Security. (pp. 27–41). Denver, CO, USA. Retrieved from https://www.usenix.org/conference/soups2016/technical-sessions/presentation/liu

Bläsing, T., Batyuk, L., Schmidt, A.-D., Camtepe, A., & Albayrak, S. (2010). An Android Application Sandbox System for Suspicious Software Detection. In 5th international conference on IEEE (pp. 55–62).

Cao, Y., Fratantonio, Y., Bianchi, A., Egele, M., Kruegel, C., Vigna, G., & Chen, Y. (2015). EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework-PPT. ISOC Network and Distributed System Security Symposium, (February), 8–11. http://doi.org/10.14722/ndss.2015.23140

Chen, Y., Zhang, Y., X-lab, B., Wang, Z., State, F., Xia, L., … Wang, Z. (2017). Adaptive Android Kernel Live Patching. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17) (pp. 1–19). Vancouver, BC, Canada. Retrieved from https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/chen

Chin, E., Felt, A., Greenwood, K., & Wagner, D. (2011). Analyzing inter-application communication in Android. In In Proceedings of the 9th international conference on Mobile systems, applications, and services (pp. 239–252). http://doi.org/10.1145/1999995.2000018

Cotterell, K., Welch, I., & Chen, A. (2015). An Android Security Policy Enforcement Tool. In INTL JOURNAL OF ELECTRONICS AND TELECOMMUNICATIONS (Vol. 61, pp. 311–320). Springer Berlin Heidelberg. http://doi.org/10.1515/eletel-2015-0040

Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2014). TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Communications of the ACM, 57(3), 99–106. http://doi.org/10.1145/2494522

ENCK, W., ONGTANG, M., & MCDANIEL, P. (2009). Understanding Android Security. IEEE Security and Privacy, 7(1).

Epstein, Z. (2017). WannaCry_ Everything you need to know about the global ransomware attack – BGR. Http://bgr.com/tag/wannacry/. Retrieved from http://bgr.com/tag/wannacry/

Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android Permissions: User Attention, Comprehension, and Behavior. In In Proceedings of the eighth symposium on usable privacy and security. http://doi.org/10.1145/2335356.2335360

Felt, A. P., Wang, H. J., Moshchuk, A., Hanna, S., & Chin, E. (2011). Permission Re-Delegation : Attacks and Defenses. In Proceedings of the eighth symposium on usable privacy and security.

Fuchs, A., Chaudhuri, A., & Foster, J. (n.d.). CRePE:contextrelated policy enforcement for android. In Proceedings of the 13th international conference on Information security, ser. ISC10. Berlin, Heidelberg: Springer- Verlag (pp. 331–345). http://doi.org/10.1.1.164.6899

Fung, B. R. C., & Vu, T. (2015). Dude , Ask The Experts : Android Resource Access Permission Recommendation with RecDroid Dude , Ask The Experts !: Android Resource Access Permission Recommendation with RecDroid. In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium. Ottawa, ON, Canada. http://doi.org/10.1109/INM.2015.7140304

Geneiatakis, D., Nai, I., Kounelis, I., & Stirparo, P. (2015). A Permission Verification Approach for Android Mobile Applications. Computers & Security, 49, 192–205.

Gilbert, P., Chun, B.-G., Cox, L. P., & Jung, J. (2011). Vision. In Proceedings of the second international workshop on Mobile cloud computing and services – MCS ’11 (pp. 21–26). http://doi.org/10.1145/1999732.1999740

Hay R, Tripp O, P. M. (2015). Dynamic Detection of Inter-application Communication Vulnerabilities in Android Categories and Subject Descriptors. In Proceedings of the 2015 international symposium on software testing and analysis (pp. 28–118). NewYork, NY, USA.

Hedin, D., & Sabelfeld, A. (2011). A Perspective on Information-Flow Control. In Proc. of the 2011 Marktoberdorf Summer School. IOS Press.

Heuser, S., Negro, M., Pendyala, P. K., & Sadeghi, A. R. (2016). Technical report. In Proceedings of the 20th international conference on financial cryptography and data security (Vol. 10, pp. 1–12). http://doi.org/10.1038/nn1840

Holla, S., & Katti, M. M. (2012). Android Based Mobile Application Development and its Security. International Journal of Computer Trends and Technology, 3(3), 486–490.

Hornyack, P., & Schechter, S. (2011). These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In in Proceedings of CCS (pp. 639–651).

Hussain, M., Zaidan, A. A., Zidan, B. B., Iqbal, S., Ahmed, M. M., Albahri, O. S., & Albahri, A. S. (2018). Conceptual framework for the security of mobile health applications on Android platform. Telematics and Informatics, (March), 0–1. http://doi.org/10.1016/j.tele.2018.03.005

Jason Hong, J. L. (2017). Android App Scanner – Carnegie Mellon University CyLab.

Kim, J., Yoon, Y., & Yi, K. (n.d.). S CAN D AL : Automated Security Certification of Android Applications.

Kim, J., Yoon, Y., Yi, K., & Shin, J. (2012). Scandal: Static Analyzer for Detecting Privacy Leaks in Android Applications. IEEE Workshop on Mobile Security Technologies (MoST), 1–10.

Kim, Y., Oh, T., & Kim, J. (2015). Analyzing User Awareness of Privacy Data Leak in Mobile Applications. Mobile Information Systems, 2015. http://doi.org/10.1155/2015/369489

Klein, J., Traon, Y. Le, Li, L., & Bartel, A. (2015). IccTA : Detecting Inter-Component Privacy Leaks in Android Apps IccTA : Detecting Inter-Component Privacy Leaks in Android Apps. In Proceedings of the 37th International Conference on Software Engineering (pp. 280–291). IEEE Press. http://doi.org/10.1109/ICSE.2015.48

Lee, H., Kim, D., Park, M., & Cho, S. (2016). Protecting data on android platform against privilege escalation attack. International Journal of Computer Mathematics, 93(2), 401–414. http://doi.org/10.1080/00207160.2014.986113

Li Li, TegawendéF. Bissyandé , Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, Le Traon. (2017). Static analysis of android apps: A systematic literature review. Information and Software Technology, 88, 67–95.

Lin, Y., Ho, C., Lai, Y., Du, T., & Chang, S. (2013). Booting , browsing and streaming time profiling , and bottleneck analysis on android-based systems. Journal of Network and Computer Applications, 36(4), 1208–1218. http://doi.org/10.1016/j.jnca.2013.02.024

Lin, Y., Lai, Y., Chen, C., & Tsai, H. (2013). Identifying android malicious repackaged applications by thread-grained system call sequences. Computers & Security, 39, 340–350. http://doi.org/10.1016/j.cose.2013.08.010

Liu, F., Cai, H., Wang, G., Yao, D. D., Elish, K. O., & Ryder, B. G. (2017). MR-Droid : A Scalable and Prioritized Analysis of Inter-App Communication Risks. In In: Proceedings of the mobile security technologies (MoST), in conjunction with IEEE symposium on security and privacy. San Jose, CA.

Lortz, S., Schneider, D., & Weber, A. (2014). Cassandra : Towards a Certifying App Store for Android. In In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (pp. 93–104). ACM.

Mahmood, R., Esfahani, N., Kacem, T., Mirzaei, N., Malek, S., & Stavrou, A. (2012). A Whitebox Approach for Automated Security Testing of Android Applications on the Cloud. In Proceedings of the 7th International Workshop on Automation of Software Test (pp. 1–7).

Martin, K., & Shilton, K. (2016). Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices. The Information Society, 32(3), 200–216. http://doi.org/10.1080/01972243.2016.1153012

Micro, T. (2017). MOBILE SECURITY AND PRIVACY (Advances, Challenges and Future Research Directions). (C. Katsaropoulos, Ed.). Todd Green.

Mohini, T., Kumar, S. A., & Nitesh, G. (2013). Review on Android and Smartphone Security. International Journal of Engineering Science, 1(6), 12–19.

Moura, S. M. (2015). Floodgate : An Information Flow Control Platform for Distributed Mobile Applications Telecommunications and Informatics Engineering.

Mulliner, C., Vigna, G., Dagon, D., & Lee, W. (2006). Using Labeling to Prevent Cross-Service Attacks Against Smart Phones, 91–108.

Nachenberg, C. (2011). A Window Into Mobile Device Security – Examining the security approaches employed in Apple’s iOS and Google’s Android, Symantec Security Response. Symantec Security Response, 1–22.

Nauman, M., Khan, S., & Zhang, X. (2010). Apex: extending Android permission model and enforcement with user-defined runtime constraints. In In Proceedings of the 5th ACM symposium on information, computer and communications security (pp. 328–332). Beijing, China. http://doi.org/10.1145/1755688.1755732

Neisse, R., Steri, G., Geneiatakis, D., & Nai, I. (2016). A privacy enforcing framework for Android applications. http://doi.org/10.1016/j.cose.2016.07.005

Niekerk, J. Van, Solms, R. Von, & Niekerk, J. Van. (2013). From information security to cyber security. Computers & Security, (August), 1–6. http://doi.org/10.1016/j.cose.2013.04.004

Oluwafemi, T. (2015). Using Component Isolation to Increase Trust in Mobile Devices. University of Washington.

Oluwafemi, T., & Riva, O. (2014). Per-App Profiles with AppFork : The Security of Two Phones with the Convenience of One. Microsoft.

Omoronyia, I. (2017). Privacy engineering in dynamic settings. In Proceedings of the 39th International Conference on Software Engineering Companion (Vol. 9781538615, pp. 297–299). http://doi.org/10.1109/ICSE-C.2017.89

Osorio, Z. Z. and F. C. . C. (2012). ‘ TrustDroid TM ’: Preventing the use of SmartPhones for information leaking in corporate networks through the used of static analysis taint tracking. In In Malicious and Unwanted Software (MALWARE), 2012 7th International Conference (pp. 135–143).

Patterson, J. (2017). ‘Wanna Cry’ virus infecting computers around the world, Tampa Bay area bracing for impact _ WFLA. Retrieved from http://wfla.com/2017/05/15/wanna-cry-virus-infecting-computers-around-the-world-tampa-bay-area-bracing-for-impact/

Phu H.Nguyen, Max Kramer, Jacques Klein, Y. L. (2015). An extensive systematic review on the model-driven development of secure systems. Information and Software Technology, 68, 62–81.

Qian, Q., Cai, J., Xie, M., & Zhang, R. (2016). Malicious behavior analysis for android applications. International Journal of Network Security, 18(1), 182–192.

Ren, J., Rao, A., Lindorfer, M., Legout, A., & Choffnes, D. (2016). ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys ’16), 361–374. http://doi.org/10.1145/2906388.2906392

Rocha, B. P. S., Conti, M., Etalle, S., & Crispo, B. (2013). Hybrid Static-Runtime Information Flow and Declassi fi cation Enforcement. IEEE Transactions on Information Forensics and Security, 8(8), 1294–1305.

Sarrab, M. (2013). Runtime verification using policy-based approach to control information flow. Int. J. Security and Networks, 8(4), 212–230. http://doi.org/10.1504/IJSN.2013.058153

Sarrab, M., & Bourdoucen, H. (2013). Runtime Monitoring Using Policy Based Approach to Control Information Flow for Mobile Apps, 7(11), 1444–1451.

Sarrab, M., & Elbasir, M. (2015). Mobile Application : Information Flow Control. AL-MADAR JOURNAL FOR COMMUNICATIONS, INFORMATION TECHNOLOGIES, AND APPLICATIONS, (September), 1–11.

Sbirlea D, Burke MG, Guarnieri S, Pistoia M, S. V. (2013). Automatic detection of inter-application permission leaks in android applications. IBM J Res Dev, 57(6), 1–12.

Schreckling, D., Köstler, J., & Schaff, M. (2013). Kynoid: Real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android. Information Security Technical Report, 17(3), 71–80. http://doi.org/10.1016/j.istr.2012.10.006

Schreckling, D., Passau, D.-, Posegga, J., Passau, D.-, & Hausknecht, D. (2012). Constroid : Data-Centric Access Control for Android. In In Proceedings of the 27th ACM Symposium on Applied Computing (SAC) (pp. 1478–1485). ACM.

Schuster, R., & Tromer, E. (2016). DroidDisintegrator: Intra-Application Information Flow Control in Android Apps. ASIA CCS ’16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 401–412. http://doi.org/10.1145/2897845.2897888

Shao, Y., Ott, J., Chen, Q. A., Qian, Z., & Mao, Z. M. (2016). Kratos : Discovering Inconsistent Security Policy Enforcement in the Android Framework. NDSS, (February), 21–24.

Shweta Bhandari, Wafa BenJaballah, Vineeta Jain, Vijay Laxmi, Akka Zemmari, Manoj Singh Gaur, Mohamed Mosbah, M. C. (2017). Android inter-app communication threats and detection techniques. Computers & Security, 70, 392–421.

Singh, J., Powles, J., Pasquier, T., & Bacon, J. (2015). Seeing through the clouds : Managing data flow and compliance in cloud computing. IEEE Cloud Computing, 2(4), 24–32.

Singh, P., Tiwari, P., & Singh, S. (2016). Analysis of Malicious Behavior of Android Apps. Procedia Computer Science, 79, 215–220. http://doi.org/10.1016/j.procs.2016.03.028

Song, J., Han, C., Wang, K., Zhao, J., & Ranjan, R. (2016). An integrated static detection and analysis framework for android. Pervasive and Mobile Computing, 32, 15–25. http://doi.org/10.1016/j.pmcj.2016.03.003

Statista. (n.d.). Number of available applications in the Google Play Store from December 2009 to March 2017. Retrieved from https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, A. B., & Jacques Klein, Yves Le Traon, Damien Octeau,  and P. M. (2014). Flowdroid: Precise context, ow, eld, object-sensitive and lifecycle-aware taint analysis for android apps. In Programming Language Design and Implementation (PLDI), 46(6), 259–269.

Su, M. K., Kywe, S. M., Li, Y., Petal, K., & Grace, M. (2016). Attacking Android smartphone systems without permissions Attacking Android Smartphone Systems without Permissions. In In Privacy, Security and Trust (PST), 2016 14th Annual Conference IEEE (pp. 147–156). New Zealand.

Suarez-tangil, G., Tapiador, J. E., Peris-lopez, P., & Ribagorda, A. (2013). Evolution , Detection and Analysis of Malware for Smart Devices. IEEE Communications Surveys & Tutorials, 16(2), 961–987.

Talha, A., & Alper, I. (2018). An in-depth analysis of Android malware using hybrid techniques. Digital Investigation, 24, 25–33. http://doi.org/10.1016/j.diin.2018.01.001

Wei, F., Roy, S., & Ou, X. (2014). Amandroid : A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps Categories and Subject Descriptors. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 1329–1341).

Wei, X., & Gurkok, C. (2014). ProfileDroid : Multi-layer Profiling of Android Applications Categories and Subject Descriptors. Network and System Security, 137–148. http://doi.org/10.1016/B978-0-12-416689-9.00004-6

Wijesekera, P., Baokar, A., Tsai, L., & Reardon, J. (2017). The Feasibility of Dynamically Granted Permissions : Aligning Mobile Privacy with User Preferences. arXiv Preprint arXiv, 1–17.

Wong, M. Y., & Lie, D. (2016). IntelliDroid : A Targeted Input Generator for the Dynamic Analysis of Android Malware. In Proceedings of the annual symposium on network and distributed system security (NDSS) (pp. 21–24). San Diego, California, USA.

Xiao, Z., Xiao, Y., & Member, S. (2013). Security and Privacy in Cloud Computing. IEEE COMMUNICATIONS SURVEYS & TUTORIALS, 15(2), 843–859.

Xu, M., Song, C., Ji, Y., Shih, M., Lu, K., Zheng, C., … Lee, B. (2016). Toward Engineering a Secure Android Ecosystem : A Survey of Existing Techniques. ACM Computing Surveys (CSUR), 49(2), 38.

Yadav, D. S., & Doke, P. K. (2016). Mobile Cloud Computing Issues and Solution Framework. International Research Journal of Engineering and Technology (IRJET), 3(11), 1115–1118.

Yang, Z., Yang, M., Zhang, Y., Gu, G., Ning, P., & Wang, X. S. (2013). AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security – CCS ’13 (pp. 1043–1054). Berlin, Germany. http://doi.org/10.1145/2508859.2516676

Zhang, M., Yin, H., & App, A. (2012). Transforming and Taming Privacy-Breaching Android Applications, (February), 7–8.

Zhang, Y., Yang, M., Yang, Z., Gu, G., Ning, P., & Zang, B. (2014). Permission use analysis for vetting undesirable behaviors in android apps. IEEE Transactions on Information Forensics and Security, 9(11), 1828–1842. http://doi.org/10.1109/TIFS.2014.2347206

Zhou, Y., Wang, Z., Zhou, W., & Jiang, X. (2012). Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (pp. 5–8). Hilton San Diego Resort & Spa. http://doi.org/http://www.internetsociety.org/hey-you-get-my-market-detecting-malicious-apps-official-and-alternative-android-markets

Zhou, Y., Zhang, X., Jiang, X., & Freeh, V. W. (2011). Taming Information-Stealing Smartphone Applications ( on Android ). In International conference on Trust and trustworthy computing (pp. 93–107). Berlin, Heidelberg.

Zimmeck, S., Wang, Z., Zou, L., Iyengar, R., Liu, B., Schaub, F., … Reidenberg, J. (2016). Automated Analysis of Privacy Requirements for Mobile Apps. In 2016 AAAI Fall Symposium Series (Vol. 3078). http://doi.org/10.14722/ndss.2017.23034

Zlatko Stapić, Eva García López, Antonio García Cabot, Luis de Marcos Ortega, V. S. (2012). Performing systematic literature review in software engineering. In CECIIS 2012 – Varaždin, Croatia.

         $10 per 275 words - Purchase Now