Detecting Privacy Information Abuse by Android Apps from API Call Logs

Abstract

In these years, the use of smartphones is spreading. Android is the most major smartphone OS in the world, and there are a lot of third-party application stores for Android. Such third-party stores make it easy to install third-party applications. However, these applications may access and obtain privacy information, in addition to their major functions. There is a survey showing that most users do not take good care of the settings about how their privacy information is handled by applications. Thus, privacy information abuse by authorized application is becoming a serious problem. In this paper, we propose a method to detect applications that access privacy information unrelated to their functionalities by analyzing API call logs, which can reveal the activities of the application. In order to record API call logs, we modified the Android source code, and run the rebuilt system on an emulator. We analyzed applications’ API call logs with a statistical method, based on the frequency of privacy information accessing and network activities.