用户友好的Android隐私监管机制

针对安卓(Android)应用过度授权导致的隐私泄露问题,提出了一种用户友好的Android隐私监管机制UFMDroid。该机制使用服务代理重定向技术在Android控制流中插入隐私行为监控和细粒度运行时资源约束模块。UFMDroid通过对安卓市场已有软件的权限进行分层聚类和欧几里得距离度量以构建各类应用的预置权限轮廓,从而过滤可疑权限。UFMDroid通过计算当前权限配置与预置权限的距离获得应用静态威胁值;通过对涉隐私行为分类,同时考虑不同类别隐私行为的个体威胁和组合威胁,为用户提供应用实时威胁量化值。此外,UFMDroid通过提供虚假数据的方式防止应用因权限撤销引发程序崩溃。实验结果表明,UFMDroid可以成功监控应用对21种隐私数据的获取行为并可按用户配置进行隐私行为实时拦截响应,在一定程度上加强隐私保护。

User-friendly privacy monitoring and management mechanism on Android

To solve the excessive authorization problem of Android, this paper proposed a User-Friendly privacy monitoring and management Mechanism on AnDroid named UFMDroid. Proxy redirect technology was used to implement privacy-related behavior monitoring module and fine-grained resources constraint module in Android control flow. UFMDroid analyzed the existing applications on Android market and constructed a permission profile as preset by hierarchical clustering and Euclidean distance metric to filter suspicious authority. A static threat value could be provided by calculating the distance between the preset and the current permission configuration. The privacy-related behaviors of application were classified and both of the individual threat and combination threat were considered in calculating the dynamic runtime threat value. In addition, fake data mechanism was imported to prevent the application from crashing while the permission was withdrawn. The experimental results show that UFMDroid can monitor the usage of 21 different resources and it can intercept the privacy leakage behaviors in accordance with user configuration. UFMDroid can enhance the security of Android to some extent.