Analyzing User Awareness of Privacy Data Leak in Mobile Applications

To overcome the resource and computing power limitation of mobile devices in Internet of Things (IoT) era, a cloud computing provides an effective platform without human intervention to build a resource-oriented security solution. However, existing malware detection methods are constrained by a vague situation of information leaks. The main goal of this paper is to measure a degree of hiding intention for the mobile application (app) to keep its leaking activity invisible to the user. For real-world application test, we target Android applications, which unleash user privacy data. With the Taint Droid-ported emulator, wemake experiments about the timing distance between user events and privacy leaks. Our experiments with Android apps downloaded from the Google Play show that most of leak cases are driven by user explicit events or implicit user involvement which make the user aware of the leakage. Those findings can assist a malware detection system in reducing the rate of false positive by considering malicious intentions. From the experiment, we understand better about app's internal operations as well. As a case study, we also presents a cloud-based dynamic analysis framework to perform a traffic monitor.