Privacy Guard – Let’s evaluate privacy risks caused by the apps installed on our device

Pierluigi Paganini March 16, 2017

Privacy Guard is an Android app that evaluates the risks of data privacy relying on the permissions requested by the apps installed on a device.

Mobile devices collect a large volume of personal information that could be used for malicious purposes by adversaries. In order to increase the awareness of user towards the possibility of data leakage and the importance of protecting personal data stored in smartphones, we developed: ‘Privacy Guard.

Privacy Guard is an Android app that evaluates the risks of data privacy relying on the permissions requested by the apps installed on a device.

Privacy Guard was developed at Iswatlab (http://www.iswatlab.eu/?page_id=499), the cyber security lab of the Department of Engineering of the University of Sannio (Italy), from an idea of and under the supervision of Corrado Aaron Visaggio, which is the responsible of the lab and: Antonio Altieri, Fabrizio Giorgione, Alfredo Nazzaro, and Assunta Oropallo.

On the basis of our studies on malicious apps that exfiltrate sensitive data (http://www.iswatlab.eu/?p=461), we found out that both trusted apps and malicious apps take a lot of sensitive data. Such data can be then used for different purposes that produce revenue for the adversary who obtained it: to sell user’s profile to a third party for marketing purposes, to feed OSINT platforms, to realize identity thefts or for accomplishing frauds and scams.

The point is that the user grants those permissions which allow the data exfiltration when installs the application on the device. The core problem is that the common user ignores completely the kind of permissions that are granted, and, what is more severe, ignores which risk a certain combination of permissions exposes her privacy too.

If an app requires the permission to send SMS and the permission to read contacts, SMS, and some other personal identifiable information stored in the device, it exposes the user to the possibility that the app sends that sensitive information to a third party by SMS.

Relying on such observations, we created a model that identifies which apps have the most dangerous combination of permssions for data privacy.

It is important to remark that Privacy Guard does not evaluate if a data exfiltration happens on a device, but it just identifies those apps which require a combination of permissions that can be strong indicators of activities that affect data privacy preservation.

Privacy Guard is intended to first monitor the potential risks for a user’s data privacy and, as second aim, to stimulate and increase the awareness of user towards the kind of apps she installs on her device, from a security perspective.

Let’s now look at how Privacy Guard works.

Permissions have been grouped into categories and each permission has been assigned a score, ranging from 1 to 10, to describe its dangerousness.

The permissions have been divided into four categories:

  1. Hardware permissions: every permission which requests a direct access to a hardware device;
  2. Data access permissions: every permission which requests a direct access to data stored on the devices;
  3. Communication permissions: every permission which gives the chance to send information either over a network or to another device.
  4. System permissions: every permission which can be requested only by system applications.

To compute a value representing applications’ data leakage capabilities the followed formula has been developed:

                                                                (1) (Hn*Wh +Dn * Wd) * MAX(C)

  • Hn : the normalized sum of hardware permissions’ score requested by an application;
  • Dn: the normalized sum of data permissions’ score requested by an application;
  • MAX(C): the maximum value among the communication permissions requested by an application;
  • Wh: weight assigned to hardware permissions. After empirical considerations, it has been assigned the value 3;
  • Wd: weight assigned to data permissions. After empirical considerations, it has been assigned the value 7.

However, (1) to represent data leakage capabilities of applications is not enough: some permissions are far more dangerous if used in combination with other permissions. In order to take this into account, the hardware and data access categories have been divided into sub-categories:

Network access                                                             Data Acquisition

Change hardware configuration                               Personal data access

Non-combinable

The communication permissions have been divided considering range and bandwidth. Every combination of this subcategories was considered, assigning a score, ranging from 1 to 10, to each combination. These values act as a penalty to the base score.range and bandwidth. Every combination of this subcategories was considered, assigning a score, ranging from 1 to 10, to each combination. These values act as a penalty to the base score.range and bandwidth. Every combination of .range and bandwidth. Every combination of this subcategories was considered, assigning a score, ranging from 1 to 10, to each combination. These values act as a penalty to the base score.

First of all the application shows a message to synthesize the results and the list of all the applications with the related data leakage score, while if there are one or more applications that exceed a certain threshold, at the top of screen will be shown a message that indicates the number of applications that exceed this value.

Privacy Guard

It’s possible to explore the details of each app. Privacy Guard shows the list of all the activated permissions with a brief description. If one application requires a permission particularly suspect, the application shows a warning to explain at the user how that permission can be used for malicious purposes.

Privacy Guard

 

It’s possible to explore the details of each app. Privacy Guard shows the list of all the activated permissions with a brief description. If one application requires a permission particularly suspect, the application shows a warning to explain at the user how that permission can be used for malicious purposes.

It’s possible to conduct the analysis only on the user’s application or including all the system’s applications. Privacy Guard is available on the in the Play Store at the following address

https://play.google.com/store/apps/details?id=com.ssr.privacyguard.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Privacy Guard , mobile)



you might also like

leave a comment