Detecting Anomalous Sensitive Information Flows in Android Apps
Thursday, 7 December, 2017 - 16:00
Biniam Fisseha Demissie
Smartphone apps are often critical from a security point of view because they usually have access to sensitive user data (e.g., contacts, position, heart rate, account credentials) and they might share such data with the external world through the Internet or with other apps. Confidentiality of user data can be breached when there are anomalies in the way sensitive data is handled by an app, which may be vulnerable or malicious. Existing approaches that detect anomalous sensitive information flows have limitations in terms of precision because the definition of anomalous flows may differ for different apps with different functionalities. It is normal for “Health” apps to share heart rate information through the Internet, but it is anomalous for “Travel” apps. In this paper, we propose a novel approach to detect anomalies in the flows of sensitive data in Android apps, with improved precision. To achieve this objective, we first group trusted apps according to their topics inferred from their functional descriptions. We then learn sensitive information flows with respect to each group of trusted apps. For each app under analysis, anomalies are identified by comparing sensitive information flows in the app against those flows learnt on trusted apps grouped under the same topic. In the evaluation, information flows are learnt on 11,796 trusted apps. We then checked for anomalies in 596 new (benign) apps and identified 14 apps that contain anomalous flows. We also analyzed 12 malware apps and found anomalies in 6 of them.
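The per-topic comparison described in the abstract can be sketched as follows. This is an added example, not code from the paper or its authors. It assumes each app already carries one topic label and a set of (source, sink) flows, and it uses a simple frequency threshold (`min_support`, a hypothetical parameter) in place of whatever statistical test the paper applies; all app ids and flow names are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample: (app id, topic, set of (source, sink) flows) for trusted apps.
TRUSTED = [
    ("h1", "Health", {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}),
    ("h2", "Health", {("HEART_RATE", "INTERNET")}),
    ("h3", "Health", {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}),
    ("h4", "Health", {("ACCOUNTS", "INTERNET")}),
    ("t1", "Travel", {("LOCATION", "INTERNET")}),
    ("t2", "Travel", {("LOCATION", "INTERNET"), ("CONTACTS", "SMS")}),
    ("t3", "Travel", {("LOCATION", "INTERNET")}),
    ("t4", "Travel", {("LOCATION", "INTERNET")}),
]


def learn_flows(trusted):
    """Return {topic: {flow: fraction of trusted apps in that topic showing the flow}}."""
    sizes = Counter()
    counts = defaultdict(Counter)
    for _app, topic, flows in trusted:
        sizes[topic] += 1
        counts[topic].update(flows)
    return {t: {f: n / sizes[t] for f, n in c.items()} for t, c in counts.items()}


def anomalous_flows(model, topic, flows, min_support=0.3):
    """Flows of the app under analysis that are rare or unseen among trusted
    apps of the same topic. min_support is an assumed cut-off, not the paper's."""
    if topic not in model:
        # No trusted baseline for this topic: refuse to guess rather than pass the app.
        raise ValueError(f"no trusted baseline for topic {topic!r}")
    baseline = model[topic]
    return sorted(f for f in flows if baseline.get(f, 0.0) < min_support)


if __name__ == "__main__":
    model = learn_flows(TRUSTED)
    app_flows = {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}
    # The same flows are judged against each topic's own baseline.
    for topic in ("Health", "Travel"):
        print(topic, anomalous_flows(model, topic, app_flows))
```

The same pair of flows passes under "Health" and is flagged under "Travel", which is the precision gain the abstract attributes to topic-specific baselines.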