AnFlo: Detecting Anomalous Sensitive Information Flows in Android Apps

by Biniam Fisseha Demissie, et al.

Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials, and they might share such data with external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled by an app which is vulnerable or malicious. Existing approaches that detect anomalous sensitive data flows have limitations in terms of accuracy because the definition of anomalous flows may differ for different apps with different functionalities; it is normal for "Health" apps to share heart rate information through the Internet but anomalous for "Travel" apps. In this paper, we propose a novel approach to detect anomalous sensitive data flows in Android apps, with improved accuracy. To achieve this objective, we first group trusted apps according to the topics inferred from their functional descriptions. We then learn sensitive information flows with respect to each group of trusted apps. For a given app under analysis, anomalies are identified by comparing sensitive information flows in the app against those flows learned from trusted apps grouped under the same topic. In the evaluation, information flow is learned from 11,796 trusted apps. We then checked for anomalies in 596 new (benign) apps and identified 2 previously-unknown vulnerable apps related to anomalous flows. We also analyzed 18 malware apps and found anomalies in 6 of them.
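The comparison step described in the abstract, sketched as an added example (not the paper's code). It assumes topics and source-to-sink flows have already been extracted upstream; the flow labels, the sample apps, the function names and the `min_support` threshold are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (topic, flows) per trusted app; a flow is (source, sink).
TRUSTED_APPS = [
    ("Health", {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}),
    ("Health", {("HEART_RATE", "INTERNET")}),
    ("Health", {("HEART_RATE", "INTERNET"), ("CONTACTS", "SMS")}),
    ("Travel", {("LOCATION", "INTERNET")}),
    ("Travel", {("LOCATION", "INTERNET"), ("CONTACTS", "INTERNET")}),
    ("Travel", {("LOCATION", "INTERNET")}),
]


def learn_flow_model(trusted_apps):
    """Return {topic: {flow: fraction of that topic's trusted apps with the flow}}."""
    flow_counts = defaultdict(Counter)
    group_sizes = Counter()
    for topic, flows in trusted_apps:
        group_sizes[topic] += 1
        flow_counts[topic].update(flows)
    return {
        topic: {flow: n / group_sizes[topic] for flow, n in counts.items()}
        for topic, counts in flow_counts.items()
    }


def find_anomalies(model, topic, app_flows, min_support=0.25):
    """Flows of the app under analysis that are rare or unseen in its topic group.

    min_support is an assumed cut-off, not a value taken from the paper.
    """
    if topic not in model:
        # No trusted group to compare against: refuse to judge rather than
        # silently reporting the app as clean.
        raise ValueError(f"no trusted apps learned for topic {topic!r}")
    known = model[topic]
    return sorted(f for f in app_flows if known.get(f, 0.0) < min_support)


MODEL = learn_flow_model(TRUSTED_APPS)

if __name__ == "__main__":
    app_flows = {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}
    for topic in ("Health", "Travel"):
        print(topic, find_anomalies(MODEL, topic, app_flows))
```

The same flow set is reported clean under "Health" and anomalous under "Travel", which is the topic dependence the abstract argues for.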



Detecting Data Leakage from Databases on Android Apps with Concept Drift

Mobile databases are the statutory backbones of many applications on sma...

IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications

Android apps cooperate through message passing via intents. However, whe...

Securing IoT Apps with Fine-grained Control of Information Flows

Internet of Things is growing rapidly, with many connected devices now a...

An Android Application Risk Evaluation Framework Based on Minimum Permission Set Identification

Android utilizes a security mechanism that requires apps to request perm...

Large-scale Mobile App Identification Using Deep Learning

Many network services and tools (e.g. network monitors, malware-detectio...

PHP code smells in web apps: survival and anomalies

Context: Code smells are considered symptoms of poor design, leading to ...

Understanding Worldwide Private Information Collection on Android

Mobile phones enable the collection of a wealth of private information, ...
