TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps

Huajun Cui; Guozhu Meng; Yan Zhang; Weiping Wang; Dali Zhu; Ting Su; Xiaodong Zhang; Yuejun Li

doi:10.1007/978-3-031-17551-0_35

TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps

Huajun Cui
, Guozhu Meng
, Yan Zhang^*
, Weiping Wang
, Dali Zhu
, Ting Su
, Xiaodong Zhang
, Yuejun Li

^*此作品的通讯作者

软件工程学院

CAS - Institute of Information Engineering
University of Chinese Academy of Sciences

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

4 引用（Scopus）

摘要

Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.

源语言	英语
主期刊名	Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers
编辑	Chunhua Su, Kouichi Sakurai, Feng Liu
出版商	Springer Science and Business Media Deutschland GmbH
页	541-556
页数	16
ISBN（印刷版）	9783031175503
DOI	https://doi.org/10.1007/978-3-031-17551-0_35
出版状态	已出版 - 2022
活动	4th International Conference on Science of Cyber Security, SciSec 2022 - Matsue, 日本期限: 10 8月 2022 → 12 8月 2022

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	13580 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	4th International Conference on Science of Cyber Security, SciSec 2022
国家/地区	日本
市	Matsue
时期	10/08/22 → 12/08/22

访问文件

10.1007/978-3-031-17551-0_35

其它文件与链接

链接到 Scopus 的出版物

引用此

Cui, H., Meng, G., Zhang, Y., Wang, W., Zhu, D., Su, T., Zhang, X., & Li, Y. (2022). TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. 在 C. Su, K. Sakurai, & F. Liu (编辑), Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers (页码 541-556). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13580 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-17551-0_35

Cui, Huajun ; Meng, Guozhu ; Zhang, Yan 等. / TraceDroid : A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. 编辑 / Chunhua Su ; Kouichi Sakurai ; Feng Liu. Springer Science and Business Media Deutschland GmbH, 2022. 页码 541-556 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{cdd2acd47e7347e1b18f3dff46ae9dfb,

title = "TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps",

abstract = "Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45\% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.",

keywords = "Android, Network traffic, Privacy, Third-party library",

author = "Huajun Cui and Guozhu Meng and Yan Zhang and Weiping Wang and Dali Zhu and Ting Su and Xiaodong Zhang and Yuejun Li",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 4th International Conference on Science of Cyber Security, SciSec 2022 ; Conference date: 10-08-2022 Through 12-08-2022",

year = "2022",

doi = "10.1007/978-3-031-17551-0\_35",

language = "英语",

isbn = "9783031175503",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "541--556",

editor = "Chunhua Su and Kouichi Sakurai and Feng Liu",

booktitle = "Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers",

address = "德国",

}

Cui, H, Meng, G, Zhang, Y, Wang, W, Zhu, D, Su, T, Zhang, X & Li, Y 2022, TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. 在 C Su, K Sakurai & F Liu (编辑), Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 13580 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 541-556, 4th International Conference on Science of Cyber Security, SciSec 2022, Matsue, 日本, 10/08/22. https://doi.org/10.1007/978-3-031-17551-0_35

TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. / Cui, Huajun; Meng, Guozhu; Zhang, Yan 等.
Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. 编辑 / Chunhua Su; Kouichi Sakurai; Feng Liu. Springer Science and Business Media Deutschland GmbH, 2022. 页码 541-556 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13580 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - TraceDroid

T2 - 4th International Conference on Science of Cyber Security, SciSec 2022

AU - Cui, Huajun

AU - Meng, Guozhu

AU - Zhang, Yan

AU - Wang, Weiping

AU - Zhu, Dali

AU - Su, Ting

AU - Zhang, Xiaodong

AU - Li, Yuejun

PY - 2022

Y1 - 2022

N2 - Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.

AB - Network traffic analysis is an appealing approach for the security auditing of mobile apps. Prior research employs various techniques (e.g., Man-in-the-Middle, TCPDUMP) to capture network traffic from apps and further recognize security/privacy risks inside. However, these techniques suffer from limitations such as traffic mixing, proxy evasion, and SSL pinning. Possible solutions are to modify and customize the Android system. However, existing studies are mainly based on Android OS 6/7. Contemporary apps generally cannot work properly on these archaic Android OS, which has become a stumbling block for further traffic analysis research. To address the above problems, we propose a new network traffic analysis framework-TraceDroid. We first leverage the dynamic hooking technique to hook the critical functions for sending network requests, and then save the request data along with code execution traces. Besides, TraceDroid proposes an unsupervised way to identify third-party libraries (TPLs) inside apps for facilitating the liability analysis between apps and TPLs. Utilizing TraceDroid, we conduct a large-scale experiment on 9,771 real-world apps to make an empirical study of the status quo of privacy leakage. Our findings show that TPLs account for 44.45% of privacy leakage in contemporary apps, and files transmitted from user devices contain much more detailed privacy data than network requests. We bring to light the over-data harvest and cross-library data harvest issues in apps. Furthermore, we unveil the relationship between TPLs and their visiting domains that previous research has never discussed.

KW - Android

KW - Network traffic

KW - Privacy

KW - Third-party library

UR - https://www.scopus.com/pages/publications/85140477385

U2 - 10.1007/978-3-031-17551-0_35

DO - 10.1007/978-3-031-17551-0_35

M3 - 会议稿件

AN - SCOPUS:85140477385

SN - 9783031175503

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 541

EP - 556

BT - Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers

A2 - Su, Chunhua

A2 - Sakurai, Kouichi

A2 - Liu, Feng

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 10 August 2022 through 12 August 2022

ER -

Cui H, Meng G, Zhang Y, Wang W, Zhu D, Su T 等. TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps. 在 Su C, Sakurai K, Liu F, 编辑, Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2022. 页码 541-556. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-17551-0_35

TraceDroid: A Robust Network Traffic Analysis Framework for Privacy Leakage in Android Apps

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此