Hani Alshahrani^1,2, Abdulrahman Alzahrani¹, Alexandra Hanton³, Ali Alshehri¹, Huirong Fu¹, Ye Zhu⁴

Show more
¹ Oakland University, Rochester, MI, USA.
² Najran University, Najran, KSA.
³ Loyola University Chicago, Chicago, IL, USA.
⁴ Cleveland State University, Cleveland, OH, USA.
Show less

Abstract:

Most of the millions of Android users worldwide use applications from the official Android market (Google Play store) and unregulated alternative markets to get more functionality from their devices. Many of these applications transmit sensitive data stored on the device, either maliciously or accidentally, to outside networks. In this paper, we will study the ways that Android applications transmit data to outside servers and propose a user-friendly application, DroidData, to inform and protect the user from these security risks. We will use tools such as TaintDroid, AppIntent, and Securacy to propose an application that reveals what types of data are being transmitted from apps, the location to which the data is being transmitted, whether the data is being transmitted through a secure channel (such as HTTPS) and whether the user is aware that the information is being transmitted. The application will generate a report that allows the user to block the application that leaks sensitive information. In doing so, we will examine the importance, relevance, and prevalence of these Android Data security issues.

Keywords: Android, Security, Privacy, Tracking Data, Malware

Cite this paper: Alshahrani, H. , Alzahrani, A. , Hanton, A. , Alshehri, A. , Fu, H. and Zhu, Y. (2017) DroidData: Tracking and Monitoring Data Transmission in the Android Operating System. Communications and Network, 9, 192-206. doi: 10.4236/cn.2017.93014.

References

[1]   Faruki, P., Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M.S., Conti, M. and Rajarajan, M. (2015) Android Security: A Survey of Issues, Malware Penetration, and Defenses. IEEE Communications Surveys & Tutorials, 17, 998-1022.
http://ieeexplore.ieee.org/abstract/document/6999911/?section=abstract
https://doi.org/10.1109/COMST.2014.2386139

[2]   Gibler, C., Crussell, J., Erickson, J. and Chen, H. (2012) Androidleaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale. Proceedings of the 5th International Conference on Trust and Trustworthy Computing, Vienna, 13-15 June 2012, 291-307.
https://doi.org/10.1007/978-3-642-30921-2_17

[3]   Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P. and Sheth, A.N. (2010) Taint Droid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, Vancouver, 4-6 October 2010, 393-407.

[4]   Tu, G.H., Peng, C.Y., Li, C.Y., Ma, X.Y., Wang, H.Y., Wang, T. and Lu, S.W. (2013) Accounting for Roaming Users on Mobile Data Access: Issues and Root Causes. Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services, Taipei, 25-28 June 2013, 305-318.
https://doi.org/10.1145/2462456.2464439

[5]   Institute for System Programming of the Russian Academy of Sciences (2016) Static Analysis vs. Dynamic Analysis.
http://linuxtesting.org/static-vs-dynamic

[6]   Alliance FAQ (2017)
http://www.openhandsetalliance.com/oha_faq.html

[7]   Elenkov, N. (2014) Android Security Internals: An In-Depth Guide to Android’s Security Architecture. No Starch Press, San Francisco.

[8]   Rashidi, B. and Fung, C. (2015) A Survey of Android Security Threats and Defenses. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 6, 2015.

[9]   Android Developer (2016) App Manifest.
https://developer.android.com/guide/topics/manifest/manifest-intro.html

[10]   Carlon, K. (2016) Android 6.0 Marshmallow: All the Key Features Explained.
https://www.androidpit.com/android-m-release-date-news-features-name

[11]   Bartel, A., Klein, J., Le Traon, Y. and Monperrus, M. (2012) Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android. Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, Essen, 3-7 September 2012, 274-277.
https://doi.org/10.1145/2351676.2351722

[12]   Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D. and McDaniel, P. (2014) Flowdroid: Precise Context, Ow, Eld, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps. SIGPLAN Notices, 49, 259-269.
https://doi.org/10.1145/2666356.2594299

[13]   Kwong, L.Y. and Yin, H. (2012) Droidscope: Seamlessly Reconstructing the Os and Dalvik Semantic Views for Dynamic Android Malware Analysis. Proceedings of the 21st USENIX Conference on Security Symposium, Bellevue, 8-10 August 2012, 29.

[14]   McClurg, J., Friedman, J. and Ng, W. (2013) Android Privacy Leak Detection via Dynamic Taint Analysis. Northwestern University, Evanston, IL.
http://www.jrmcclurg.com/papers/internet_security_final_report.pdf

[15]   Brain, R. (2010) Dynamic Code Analysis vs. Static Analysis Source Code Testing.
http://www.computerweekly.com/answer/Dynamic-code-analysis-vs-static-analysis-source-code-testing

[16]   Java Decompiler (2017) Download.
http://jd.benow.ca/

[17]   Apktool (2016) A Tool for Reverse Engineering Android Apk Files.
https://ibotpeaches.github.io/Apktool/

[18]   SourceForge (2016) Dex2jar.
https://sourceforge.net/projects/dex2jar

[19]   Arzt, S., Rasthofer, S. and Bodden, E. (2013) Susi: A Tool for the Fully Automated Classi Cation and Categorization of Android Sources and Sinks. University of Darmstadt, Darmstadt.

[20]   Yang, Z.M., Yang, M., Zhang, Y., Gu, G.F., Ning, P. and Wang, X.S. (2013) Appintent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, 4-8 November 2013, 1043-1054.
https://doi.org/10.1145/2508859.2516676

[21]   Android Developer (2016) Managing the Activity Lifecycle.
https://developer.android.com/training/basics/activity-lifecycle/index.html

[22]   Ferreira, D., Kostakos, V., Beresford, A.R., Lindqvist, J. and Dey, A.K. (2015) Securacy: An Empirical Investigation of Android Applications’ Network Usage, Privacy and Security. Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, New York, 22-26 June 2015, 1-11.
https://doi.org/10.1145/2766498.2766506

[23]   Russo, A., Sabelfeld, A. and Li, K. (2009) Implicit Flows in Malicious and Nonmalicious Code. Proceedings of the 2009 Marktoberdorf Summer School, Garching, 4-16 August 2009, 301-322.

[24]   Simonet, V. (2015) Flow Caml.
http://www.normalesup.org/~simonet/soft/flowcaml