iShield: A Framework for Preserving Privacy of iOS App User
DOI:
https://doi.org/10.13052/2245-1439.845Keywords:
Privacy preserving framework, iOS Apps, static and dynamic analysis, information securityAbstract
Do iOS apps honour user’s privacy? Protection of user’s privacy by apps has lately emerged as a big challenge. Many studies have identified that there exists an inherent trade-off between end user’s privacy and apps’functionality. Some methods have been proposed to preserve user’s privacy of specific data like location and health information. However, a comprehensive framework to enable privacy preserving data sharing by apps has not been found. In this paper, we have proposed iShield - a privacy preserving framework that can be easily integrated by developers at the time of app creation to enforce privacy with minimal performance overhead. Privacy threat to a user has been quantified by calculation of privacy disclosure score of an app user. Empirical results demonstrate that the approach significantly reduces the privacy disclosure of the user.
Downloads
References
S. Zhong, L. Li, Y. G. Liu, and Y. R. Yang, “Privacy-preserving location- based services for mobile users in wireless networks,” Yale Comput. Sci. Tech. Rep. YALEU/DCS/TR-1297, pp. 1–13, 2004.
S. Lee, E. L. Wong, D. Goel, M. Dahlin, and V. Shmatikov, “πBox: a platform for privacy-preserving apps,” 10th USENIX Conf. Networked Syst. Des. Implement., pp. 501–514, 2013.
Rafia Shaikh, “Thousands of iOS & Android Apps Are Leaking Data of Millions of Users.” [Online]. Available: https://wccftech.com/thousands- ios-android-apps-leaking-data/. [Accessed: 12-Sep-2018].
Rene Millman, “Too many apps leak personal data to third parties, report finds.” [Online]. Available: https://www.scmagazineuk.com/apps-leak- personal-data-third-parties-report-finds/article/1479383. [Accessed: 12-Sep-2018].
D. Walnycky et al., “Network and device forensic analysis of Android social-messaging applications,” vol. 14, 2015.
A. J. Bhatt, C. Gupta, and S. Mittal, “Network Forensics Analysis of iOS Social Networking and Messaging Apps,” in Eleventh International Conference on Contemporary Computing (IC3), Noida, India, 2018, pp. 324–329.
Apple Inc., “App Sandboxing - Apple Developer.” [Online]. Available: https://developer.apple.com/app-sandboxing/. [Accessed: 03-Nov-2018].
M. Mohanty, “iOS SANDBOXING Lecture 16 RECAP?: DEP AND ASLR Buffer overflow attack can happen,” 2018.
Bart Jacobs, “What Is Application Sandboxing.” [Online]. Available: https://cocoacasts.com/what-is-application-sandboxing. [Accessed: 03- Nov-2018].
W. Fang, X. Z. Wen, Y. Zheng, and M. Zhou, “A Survey of Big Data Security and Privacy Preserving,” IETE Tech. Rev., vol. 4602, no. September, pp. 1–17, 2016.
Kees Friesland, “The Pros and Cons of Data Encryption - TechNadu.” [Online]. Available: https://www.technadu.com/pros-and-cons-of-data-encryption/38599/. [Accessed: 03-Nov-2018].
Steve Lander, “Disadvantages of Public Key Encryption.” [Online]. Available: https://smallbusiness.chron.com/disadvantages-public-key-en cryption-68149.html. [Accessed: 03-Nov-2018].
E. Aghasian, S. Garg, and L. Gao, “Scoring Users Privacy Disclosure Across Multiple Online Social Networks,” IEEE Access, vol. 5, pp. 13118–13130, 2017.
Proofpoint Staff, “Is nothing sacred? Risky mobile apps steal data and spy on users.” [Online]. Available: https://www.proofpoint.com/us/threat-insight/post/Risky-Mobile-Apps-Steal-Data. [Accessed: 12-Sep-2018].
Appthority, “Mobile App Reputation Report,” 2014.
Kryptowire and IAPP, “Assessing Mobile App Data Privacy Risk,” 2017.
W. Fang, X. Z. Wen, Y. Zheng, and M. Zhou, “A Survey of Big Data Security and Privacy Preserving,” IETE Tech. Rev., vol. 4602, no. September, pp. 1–17, 2016.
E. Bertino, D. Lin, and W. Jiang, “A Survey of Quantification of Privacy Preserving Data Mining Algorithms,” PrivacyPreserving Data Min., vol. 34, pp. 183–205, 2008.
R. Mendes and J. P. Vilela, “Privacy-Preserving Data Mining: Methods, Metrics, andApplications,” IEEEAccess, vol. 5, pp. 10562–10582, 2017.
K. Gao, Y. Zhu, S. Gong, and H. Tan, “Location privacy protection algorithm for mobile networks,” Eurasip J. Wirel. Commun. Netw., vol. 2016, no. 1, 2016.
C. Saranya and G. Manikandan, “A study on normalization techniques for privacy preserving data mining,” Int. J. Eng. Technol., vol. 5, no. 3, pp. 2701–2704, 2013.
E. Sy, T. Mueller, and D. Herrmann, “AppPETs?: A Framework for Privacy-Preserving Apps.”
R. Liu, J. Cao, S. VanSyckel, and W. Gao, “PriMe: Human-centric privacy measurement based on user preferences towards data sharing in mobile participatory sensing systems,” 2016 IEEE Int. Conf. Pervasive Comput. Commun., pp. 1–8, 2016.
A. J. Bhatt, C. Gupta, and S. Mittal, “iABC: Towards a hybrid framework for analyzing and classifying behaviour of iOS applications using static and dynamic analysis,” J. Inf. Secur. Appl., vol. 41, pp. 144–158, 2018.
A. J. Bhatt, C. Gupta, and S. Mittal, “iABC-AL: Active learning-based privacy leaks threat detection for iOS applications,” J. King Saud Univ. - Comput. Inf. Sci., 2018.
J. L. Becker and H. Chen, “Measuring privacy risk in online social networks,” pp. 2095–2100, 2009.
B. Russell, “Evaluating Information?: Validity, Reliability, Accuracy,” Sage Res. Methods, pp. 79–99, 2007.
Han Jiawei; Kamber Micheline; Pei Jian, Data Mining Concepts and Techniques, Third. 2012.
H. Lee, S. Kim, J. W. Kim, and Y. D. Chung, “Utility-preserving anonymization for health data publishing,” BMC Med. Inform. Decis. Mak., vol. 17, no. 1, pp. 1–12, 2017.
Z. Wang, Z. Ma, S. Luo, and H. Gao, “Enhanced Instant Message Security and Privacy Protection Scheme for Mobile Social Network Systems,” vol. XX, no. c, 2018.
