
WiSec session 2: DroidJust

Time: 2015-06-25 06:41:29

tasks:

T1. discover sensitive info transmission

T2. detect privacy leakage: distinguish malicious from benign use

challenges:

c1. fuzzy nature of the privacy leakage detection problem: some info transmission is not explicit -> sensitive info justification

c2. large number of smartphone apps (needs to be automated and scalable)

c3. no server side logic available

Related work:

sensitive info flow tracking: TaintDroid, PiOS, AndroidLeaks, FlowDroid

Event chain analysis: AppIntent (sensitive data transmission identification, but not scalable, needs human effort)

Statistical efforts: Bayesian

sensitive info usage: local use or transmit to network

e.g. weather forecast app: sends the user's location to a remote server; the app receives weather info from the server; displays the weather info

ways to get and transmit sensitive data:

1) framework APIs

2) privileged intent actions: need to find the broadcast receiver

3) URI fields and strings: need to resolve

sensible phone states

=PScout permission specifications.

=SuSi do not need to require permission.

unique identifier to link the data medium: context; filename

sensitive info transmission--- socket httpclient; domain IP address -- sensible data reception
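
The justification idea in these notes, as an added example (not DroidJust's code and not from the talk): a sensitive transmission counts as justified when data received back from the same host reaches a sensible phone state, as in the weather app case. The edge format, node prefixes, host names and both sample apps are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: flow edges (from, to) as a static analysis pass
# might report them. Node prefixes are hypothetical:
#   src:<sensitive source>  file:<data medium>  net_out:<host>
#   net_in:<host>           state:<sensible phone state>
WEATHER_APP = [
    ("src:location", "net_out:api.weather.example"),
    ("net_in:api.weather.example", "state:display"),
]
TRACKER_APP = [
    ("src:device_id", "file:cache.dat"),        # stored in a data medium first
    ("file:cache.dat", "net_out:ads.example"),  # linked by filename, then sent
    ("net_in:ads.example", "file:log.txt"),     # reply never reaches the user
]

def reachable(edges, start):
    """All nodes reachable from start by following flow edges."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in graph[node] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen

def classify(edges):
    """Map (source, host) to 'justified' or 'unjustified'."""
    verdicts = {}
    sources = {a for a, _ in edges if a.startswith("src:")}
    for src in sorted(sources):
        for node in reachable(edges, src):
            if not node.startswith("net_out:"):
                continue  # local use only, nothing to justify
            host = node.split(":", 1)[1]
            # Link transmission to reception by destination host, then ask
            # whether the received data ends up in a sensible phone state.
            reply = reachable(edges, "net_in:" + host)
            ok = any(n.startswith("state:") for n in reply)
            verdicts[(src[4:], host)] = "justified" if ok else "unjustified"
    return verdicts

if __name__ == "__main__":
    for name, app in (("weather", WEATHER_APP), ("tracker", TRACKER_APP)):
        print(name, classify(app))
```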

 


Original: http://www.cnblogs.com/CarrieCui/p/4599077.html
