User Privacy and Data Flow Control for Android Apps: Systematic Literature Review

Authors

  • Zainab Rashid Alkindi Department of Computer Science, College of Science, Sultan Qaboos University, Muscat, Oman https://orcid.org/0000-0003-2934-5662
  • Mohamed Sarrab Communication & Information Research Center, Sultan Qaboos University, Muscat, Oman
  • Nasser Alzeidi Department of Computer Science, College of Science, Sultan Qaboos University, Muscat, Oman

DOI:

https://doi.org/10.13052/jcsm2245-1439.1019

Keywords:

User privacy, data flow control, Android apps, mobile application

Abstract

Android mobile apps gain access to numerous users’ private data. Users of different Android mobile apps have less control over their sensitive data during installation and at run-time. Too often, these apps treat data privacy less seriously than users expect. Many mobile apps misbehave and upload users’ data without permission, which confirms the possibility of privacy leakage through different network channels. The literature has proposed various approaches to protect users’ data and avoid privacy violations. In this paper, we provide a comprehensive overview of state-of-the-art research on Android user privacy and data flow control. The aim is to highlight the main trends, pinpoint the main methodologies applied, and enumerate the privacy violations faced by Android users. We also shed some light on the directions where the research community’s effort is still needed. To this end, we conduct a Systematic Literature Review (SLR) during which we surveyed 114 relevant research papers published in leading conferences and journals. Our thorough examination of the relevant literature has led to a critical analysis of the proposed solutions with a focus on user privacy extensions and mechanisms for the Android mobile platform. Furthermore, possible solutions and research directions have been discussed.

Author Biographies

Zainab Rashid Alkindi, Department of Computer Science, College of Science, Sultan Qaboos University, Muscat, Oman

Zainab Rashid Alkindi is a Ph.D. student at Sultan Qaboos University. Zainab has accomplished many achievements throughout her academic life. She has conducted many types of research in IoT, Network, and Security & user privacy, and she has been participating in different conferences. She worked as a research assistant in the Communication and Information Research Center (CIRC) for two years, which shaped her research skills. She obtained her MSc in the Networking area in 2017 from Sultan Qaboos University.

Mohamed Sarrab, Communication & Information Research Center, Sultan Qaboos University, Muscat, Oman

Mohamed Sarrab is currently working as a researcher and deputy director of the Communication and Information Research Center (CIRC), Sultan Qaboos University (Muscat, Sultanate of Oman). He obtained his Ph.D. in Computer Science from De Montfort University (UK). His research interests are in the areas of Software Engineering, Mobile learning (M-learning), and Mobile Cloud Computing. He is also interested in mobile application security, in particular, Access Control and Policy-Based System Management, Runtime Verification and Information Flow Control, and viz. Software Systems, where security requirements are managed using loosely coupled components that enforce high-level security requirements. He is a senior member of the IEEE, the IEEE Computer Society, and IEEE Communications Society.

Nasser Alzeidi, Department of Computer Science, College of Science, Sultan Qaboos University, Muscat, Oman

Nasser Alzeidi received his Ph.D. degree in Computer Science from the University of Glasgow (UK) in 2007. He is currently an Associate Professor of computer science and the director of the Center for Information Systems at Sultan Qaboos University, Oman. His research interests include performance evaluation of communication systems, wireless networks, interconnection networks, System on Chip architectures, and parallel and distributed computing. He is a member of the IEEE and the Chair of the IEEE Computer Society Chapter in Oman.

Published

2021-03-23

How to Cite

1. Alkindi ZR, Sarrab M, Alzeidi N. User Privacy and Data Flow Control for Android Apps: Systematic Literature Review. JCSANDM [Internet]. 2021 Mar. 23 [cited 2024 Jul. 12];10(1):261-304. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5925

Section

Emerging Trends in Cyber Security and Cryptography