Checking More Alerting LessPRESENTED BY: AMIN ROIS SINUNG NUGROHO

Authors.

Pronounced as Apple.

Improvements of AAPL over previous works

Purifying Peer Apps

Noisy Apps:

Most popular apps, frequently installed along.

Filter with same category policy.

Accessories Apps:

Compare similarity in apps description (English only) using natural language processing technique called semantic similarity.

Polluting Apps:

Apps from the same developer with similar functionality.

Filter by developer account.

Uncovering Privacy Disclosures Conditional Flow Identification (sensitivities can’t be surely

determined)

a. Opportunistic Constant Evaluation (dependent on parameter value), e.g., uri=content://contacts//…” will be considered as sensitive data source.

b. Object Origin Interface (dependent on object type), infer derived type of interested object, e.g., HttpsURLConnection.getOutputStream(), will be considered as sensitive sink.

Joint Flow Tracking

joint flow tracking records all potential sources/sinks even they point to non-sensitive resources/channels, and finds all sub-flows containing potential sources or potential sinks by conservatively matching all potential sinks with all potential sources.

CHEX

IBM Wala

AAPL Usage Cases

Market Providers (e.g. Google Play)

An efficient detection and screening system to detect apps with potential privacy leakages.

Users

Identify apps with suspicious privacy disclosures. (should be developed further to recommend alternative apps with less or none privacy disclosures)

Developers

Check whether their apps have suspicious privacy disclosures. If caused by third party library, choose an alternative library.

Already cited by 3 papers in less than a year.

Weaknesses

Peer apps selection has not been bound formally by an algorithm. Such algorithm will make it more scalable.

The authors skipped non English description from the peer apps filtering. It should not be hard to use digital translator such as Google translate to provide better peer apps filtering.

Peer voting mechanism will not work if majority of peer apps show similar behavior. Suspicious primary apps will be detected as legitimate in this scenario.

Because of Android fragmentation, this method might not work well in all Android version (software) or devices (hardware).

Further Improvement

Recommend an alternative apps from peer apps in a situation where the primary apps display suspicious privacy disclosures.

Thank you.