
Detecting and Measuring Aggressive Location Harvesting in Mobile Apps via Data-flow Path Embedding

Published: 02 March 2023

Abstract

Today, location-based services have become prevalent in the mobile platform, where mobile apps provide specific services to a user based on his or her location. Unfortunately, mobile apps can aggressively harvest location data with much higher accuracy and frequency than they need because the coarse-grained access control mechanism currently implemented in mobile operating systems (e.g., Android) cannot regulate such behavior. This unnecessary data collection violates the data minimization policy, yet no previous studies have investigated privacy violations from this perspective, and existing techniques are insufficient to address this violation. To fill this knowledge gap, we take the first step toward detecting and measuring this privacy risk in mobile apps at scale. Particularly, we annotate and release the first dataset to characterize those aggressive location harvesting apps and understand the challenges of automatic detection and classification. Next, we present a novel system, LocationScope, to address these challenges by (i) uncovering how an app collects locations and how to use such data through a fine-tuned value set analysis technique, (ii) recognizing the fine-grained location-based services an app provides via embedding data-flow paths, which is a combination of program analysis and machine learning techniques, extracted from its location data usages, and (iii) identifying aggressive apps with an outlier detection technique achieving a precision of 97% in aggressive app detection. Our technique has further been applied to millions of free Android apps from Google Play as of 2019 and 2021. Highlights of our measurements on detected aggressive apps include their growing trend from 2019 to 2021 and the app generators' significant contribution of aggressive location harvesting apps.


      Published In

      Proceedings of the ACM on Measurement and Analysis of Computing Systems  Volume 7, Issue 1
      POMACS
      March 2023
      749 pages
      EISSN:2476-1249
      DOI:10.1145/3586099

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. aggressive location harvesting
      2. location privacy
      3. location-based service

      Qualifiers

      • Research-article
