TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps

Huajun Cui; Guozhu Meng; Yan Zhang; Weiping Wang; Dali Zhu; Ting Su; Xiaodong Zhang; Yuejun Li

doi:10.1007/978-3-031-17551-0_35

TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps

Huajun Cui, Guozhu Meng, Yan Zhang, Weiping Wang, Dali Zhu, Ting Su, Xiaodong Zhang, Yuejun Li

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.

Original language	English
Title of host publication	Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers
Editors	Chunhua Su, Kouichi Sakurai, Feng Liu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	541-556
Number of pages	16
ISBN (Print)	9783031175503
DOIs	https://doi.org/10.1007/978-3-031-17551-0_35
State	Published - 2022
Event	4th International Conference on Science of Cyber Security, SciSec 2022 - Matsue, Japan Duration: 10 Aug 2022 → 12 Aug 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13580 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	4th International Conference on Science of Cyber Security, SciSec 2022
Country/Territory	Japan
City	Matsue
Period	10/08/22 → 12/08/22

Keywords

Android
Network traffic
Privacy
Third-party library

Access to Document

10.1007/978-3-031-17551-0_35

Cite this

Cui, H., Meng, G., Zhang, Y., Wang, W., Zhu, D., Su, T., Zhang, X., & Li, Y. (2022). TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. In C. Su, K. Sakurai, & F. Liu (Eds.), Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers (pp. 541-556). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13580 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-17551-0_35

Cui, Huajun ; Meng, Guozhu ; Zhang, Yan et al. / TraceDroid : A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. editor / Chunhua Su ; Kouichi Sakurai ; Feng Liu. Springer Science and Business Media Deutschland GmbH, 2022. pp. 541-556 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{cdd2acd47e7347e1b18f3dff46ae9dfb,

title = "TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps",

abstract = "Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45\% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.",

keywords = "Android, Network traffic, Privacy, Third-party library",

author = "Huajun Cui and Guozhu Meng and Yan Zhang and Weiping Wang and Dali Zhu and Ting Su and Xiaodong Zhang and Yuejun Li",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 4th International Conference on Science of Cyber Security, SciSec 2022 ; Conference date: 10-08-2022 Through 12-08-2022",

year = "2022",

doi = "10.1007/978-3-031-17551-0\_35",

language = "英语",

isbn = "9783031175503",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "541--556",

editor = "Chunhua Su and Kouichi Sakurai and Feng Liu",

booktitle = "Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers",

address = "德国",

}

Cui, H, Meng, G, Zhang, Y, Wang, W, Zhu, D, Su, T, Zhang, X & Li, Y 2022, TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. in C Su, K Sakurai & F Liu (eds), Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13580 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 541-556, 4th International Conference on Science of Cyber Security, SciSec 2022, Matsue, Japan, 10/08/22. https://doi.org/10.1007/978-3-031-17551-0_35

TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. / Cui, Huajun; Meng, Guozhu; Zhang, Yan et al.
Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. ed. / Chunhua Su; Kouichi Sakurai; Feng Liu. Springer Science and Business Media Deutschland GmbH, 2022. p. 541-556 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13580 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - TraceDroid

T2 - 4th International Conference on Science of Cyber Security, SciSec 2022

AU - Cui, Huajun

AU - Meng, Guozhu

AU - Zhang, Yan

AU - Wang, Weiping

AU - Zhu, Dali

AU - Su, Ting

AU - Zhang, Xiaodong

AU - Li, Yuejun

PY - 2022

Y1 - 2022

N2 - Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.

AB - Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.

KW - Android

KW - Network traffic

KW - Privacy

KW - Third-party library

UR - https://www.scopus.com/pages/publications/85140477385

U2 - 10.1007/978-3-031-17551-0_35

DO - 10.1007/978-3-031-17551-0_35

M3 - 会议稿件

AN - SCOPUS:85140477385

SN - 9783031175503

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 541

EP - 556

BT - Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers

A2 - Su, Chunhua

A2 - Sakurai, Kouichi

A2 - Liu, Feng

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 10 August 2022 through 12 August 2022

ER -

Cui H, Meng G, Zhang Y, Wang W, Zhu D, Su T et al. TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. In Su C, Sakurai K, Liu F, editors, Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2022. p. 541-556. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-17551-0_35