Auditing Access to Private Data on Android Platform

Abstract

App-based utility service on mobile phone has found enormous success in modern digital society. While App-based services on mobile platform make life easy, security and privacy concern of App installed on mobile phone poses a potential threat to user of mobile phone. Users typically do not pay much attention at the time of App installation before accepting the privacy terms display on his/her mobile phone. In this paper, we present a security monitor, a user level tool to detect the events of sensitive data access by mobile Apps and alert user for any suspicious data access. The security monitor does not require the Android root permission to run on mobile platform, instead, it relies on adding hooks to the application package at the bytecode level. The experimental results show that the proposed security monitor can effectively detect private or sensitive data access of Apps with almost no overhead on power consumption of mobile phone and App performance.