SoK: Privacy on Mobile Devices – It’s Complicated

Open access

Abstract

Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users’ lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications and features, in many cases without a full appreciation of the nature and extent of the information that they are exposing to a variety of third parties. Nevertheless, studies show that users remain concerned about their privacy and vendors have similarly been increasing their utilization of privacy-preserving technologies in these devices. Still, despite significant efforts, these technologies continue to fail in fundamental ways, leaving users’ private data exposed.

In this work, we survey the numerous components of mobile devices, giving particular attention to those that collect, process, or protect users’ private data. Whereas the individual components have been generally well studied and understood, examining the entire mobile device ecosystem provides significant insights into its overwhelming complexity. The numerous components of this complex ecosystem are frequently built and controlled by different parties with varying interests and incentives. Moreover, most of these parties are unknown to the typical user. The technologies that are employed to protect the users’ privacy typically only do so within a small slice of this ecosystem, abstracting away the greater complexity of the system. Our analysis suggests that this abstracted complexity is the major cause of many privacy-related vulnerabilities, and that a fundamentally new, holistic approach to privacy is needed going forward. We thus highlight various existing technology gaps and propose several promising research directions for addressing and reducing this complexity.


