UWSpace is currently experiencing technical difficulties resulting from its recent migration to a new version of its software. These technical issues are not affecting the submission and browse features of the site. UWaterloo community members may continue submitting items to UWSpace. We apologize for the inconvenience, and are actively working to resolve these technical issues.
 

PrivacyGuard: A VPN-Based Approach to Detect Privacy Leakages on Android Devices

Thumbnail Image

Files

Song_Yihang.pdf (3.39 MB)

Date

2015-05-06

Authors

Song, Yihang

Journal Title

Journal ISSN

Volume Title

Publisher

University of Waterloo

Abstract

The Internet is now the most important and efficient way to gain information, and mobile devices are the easiest way to access the Internet. Furthermore, wearable devices, which can be considered to be the next generation of mobile devices, are becoming popular. The more people rely on mobile devices, the more private information about these people can be gathered from their devices. If a device is lost or compromised, much private information is revealed. Although today’s smartphone operating systems are trying to provide a secure environment, they still fail to provide users with adequate control over and visibility into how third-party applications use their private data. The privacy leakage problem on mobile devices is still severe. For example, according a field study [1] done by CMU recently, Android applications track users’ location every three minutes in average. After the PRISM program, a surveillance program done by NSA, is exposed, people are becoming increasingly aware of the mobile privacy leakages. However, there are few tools available to average users for privacy preserving. Most tools developed by recent work have some problems (details can be found in chapter 2). To address these problems, we present PrivacyGuard, an efficient way to simultaneously detect leakage of multiple types of sensitive data, such as a phone’s IMEI number or location data. PrivacyGuard provides real-time protection. It is possible to modify the leaked information and replace it with crafted data to achieve protection. PrivacyGuard is configurable, extensible and useful for other research. We implement PrivacyGuard on the Android platform by taking advantage of the VPNService class provided by the Android SDK. PrivacyGuard does not require root per- missions to run on a device and does not require any knowledge about VPN technology from users either. The VPN server runs on the device locally. No external servers are required. According to our experiments, PrivacyGuard can effectively detect privacy leak- ages of most applications and advertisement libraries with almost no overhead on power consumption and reasonable overhead on network speed.

Description

Keywords

LC Keywords

Citation

URI

http://hdl.handle.net/10012/9316

Collections

Theses
Computer Science