Privacy Inspector: A Testing-Monitoring-Analyzing Tool for Enhancing Security on Android Devices
Oral Defence Date:
Profs. Arno Puder and Bill Hsu
Modern mobile operating systems such as Android provide useful applications to users to make their tasks easier. However, these applications also access and store personal data including user’s geolocation, contacts, etc. In many cases, it is not visible to the consumer when an application accesses or transmits any of their data to a third-party server. Though mobile application developers request access permission details during the installation process, it is not an effectual method for informing the user, as it does not tell the user how many times a particular permission could be accessed in the background for possible harmful reasons. Additionally, many applications try and access data they do not require (e.g., the deviceID) or access information more periodically than needed (like geolocation) in the background. The primary objective of this project is to enhance the Android platform, by implementing a new tool to monitor and log whenever applications use privacy-sensitive API. The Privacy Inspection tool enables the users to test-monitor-analyze the behavior of any application on Android and recognize possible privacy loopholes. Privacy Inspector tool uses Aspect Oriented Programming to weave custom aspects into the Android platform. This way our injected aspects blend with the platform and work together to alert users about privacy leaks.
Android, Security, Android Open Source Project (AOSP), Aspect Oriented Programming (AOP), AspectJ, Java, Privacy