Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New approach uncovers data abuse on mobile end devices

05.07.2012
Increasingly often, mobile applications on web-enabled mobile phones and tablet computers do more than they appear to.

In secrecy, the “apps” forward private data to a third party. Computer scientists from Saarbrücken have developed a new approach to prevent this data abuse. They can put a stop to the data theft through the app “SRT AppGuard”.

The chief attraction: For the protection to work, it is not necessary to identify the suspicious programs in advance, nor must the operating system be changed. Instead, the freely available app attacks the program code of the digital spies.

“My smartphone knows everything about me, starting with my name, my phone number, my e-mail address, my interests, up to my current location,” explains computer science professor Michael Backes, who manages the Center for IT-Security, Privacy and Accountability at Saarland University. “It even knows my friends quite well, as it saves their contact details, too,” says Backes. Therefore he is not surprised that several mobile applications, also known as apps, display simple functionality up front, while in the background, they send the identification number of the device, the personal whereabouts of the user, or even the contact details of friends, colleagues and customers to a server somewhere in the internet.

The producers of anti-virus software have been making vivid predictions of such scenarios for some time now; in the meantime, scientific studies also prove the threat. A study from the University of California in Santa Barbara (US) concluded that among 825 examined apps for the iPhone and its operating system iOS, 21 percent forward the ID number, four percent the current position, and 0.5 percent even copy the address book.

Michael Backes and his team of researchers now bring this abuse to an end. Their approach focuses on Android. It is the most common operating system for smartphones and tablet computers. Developed by the Google software group, this freely available operating system is used by several mobile phone manufacturers, and since November 2011 is activated daily on more than 700,000 devices.

However, Android is known for its rigorous policy on assignment of privileges. If a user wants to install a downloaded app, he learns via a list which access rights to data (location, contacts, photos) and functions (Internet, locating) will be claimed by that app. Now he has two options: Either he accepts all conditions, or the app will not be installed. After the installation, the privileges cannot be revoked. “Moreover, many developers generally claim all rights for their app because the concept of privileges of Android is misleading, but they want to ensure the smooth functioning of their app nevertheless,” explains Philipp von Styp-Rekowsky, PhD student at the chair in IT security and cryptography.

This “sink-or-swim” strategy is put to rest by the researcher from Saarbrücken. The app “SRT AppGuard” based on their approach determines, for every application installed on a smartphone, what it accesses, and shows this information to the user. Privileges can now be revoked or granted to the respective app at any time. The researchers have already published the app on the platform “Google Play”. It can be downloaded there for free. It runs problem-free on Android 3.x.x and higher. The development of the app has been taken on by the enterprise Backes SRT, which was founded by Backes in 2010. It is also located on the campus in Saarbrücken.

Computer Science on the Saarland University Campus
Apart from the Saarland University chair in computer science and the Center for IT-Security, Privacy and Accountability, the German Research Center for Artificial Intelligence, the Max Planck Institute for Computer Science, the Max Planck Institute for Software Systems, the Center for Bioinformatics, the Intel Visual Computing Institute and the Cluster of Excellence on “Multimodal Computing and Interaction” can also be found there.
Technical background

For their approach, the Saarbrücken researchers use the fact that the Android apps work in a so-called virtual machine, which is written in the computer language Java. Therefore the apps are saved on the smartphone as executable “bytecode” after installation. That’s when SRT AppGuard comes into play. While the suspicious app is running, it is checking its bytecode for the security-sensitive instructions, which it had been programmed to do by the experts from Saarbrücken. It adds a special control code in front of the suspect comment or procedure. This is only necessary once, as the secured bytecode replaces the original one afterwards. This overwriting process usually only takes a few seconds and a small number of lines of additional code. The computer scientists have reviewed 13 apps, among them the popular game “Angry Birds”, the music identifying app “Shazam” and the social-media apps “Facebook” and “What’s app”. For the app belonging to the microblogging service Twitter, for example, it needs 16.7 seconds and 48 additional lines of code. “It is just as in an art museum ,” explains Styp-Rekoswky, “Instead of checking every visitor, you only provide the most valuable paintings with an invisible alarm function.”

But the Saarbrücken app can do even more than just providing alerts. It is also able to block suspicious requests or change them so they cannot do any harm. “Thus, we can also prevent the use of known security vulnerabilities of the respective apps or Android operating system,” adds Professor Michael Backes. This possibility is very important if the manufacturer cannot provide security fixes in time,” says the professor.

See also:
The App on Google Play Store
https://play.google.com/store/apps/details?id=com.srt.appguard.mobile

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei and Philipp von Styp-Rekowsky: The Android Monitor – Real-time policy enforcement for third-party applications

http://www.infsec.cs.uni-saarland.de/projects/android-monitor/android-monitor.pdf


Center for IT-Security, Privacy and Accountability (CISPA)
http://www.cispa-security.de

For further information please contact:

Professor Dr. Michael Backes
Chair CISPA
Phone: +49 681 302-3259
E-Mail: backes@cispa.uni-saarland.de

Sebastian Gerling
Administrative manager CISPA
Phone: +49 681 302-57373
E-Mail: sgerling@cispa.uni-saarland.de

Editing:

Gordon Bolduan

Scientific Communicator
Phone: +49 681 302-70741
E-Mail: gbolduan@mmci.uni-saarland.de

Saar - Uni - Presseteam | Universität des Saarlandes
Further information:
http://www.uni-saarland.de

More articles from Information Technology:

nachricht Japanese researchers develop ultrathin, highly elastic skin display
19.02.2018 | University of Tokyo

nachricht Why bees soared and slime flopped as inspirations for systems engineering
19.02.2018 | Georgia Institute of Technology

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: In best circles: First integrated circuit from self-assembled polymer

For the first time, a team of researchers at the Max-Planck Institute (MPI) for Polymer Research in Mainz, Germany, has succeeded in making an integrated circuit (IC) from just a monolayer of a semiconducting polymer via a bottom-up, self-assembly approach.

In the self-assembly process, the semiconducting polymer arranges itself into an ordered monolayer in a transistor. The transistors are binary switches used...

Im Focus: Demonstration of a single molecule piezoelectric effect

Breakthrough provides a new concept of the design of molecular motors, sensors and electricity generators at nanoscale

Researchers from the Institute of Organic Chemistry and Biochemistry of the CAS (IOCB Prague), Institute of Physics of the CAS (IP CAS) and Palacký University...

Im Focus: Hybrid optics bring color imaging using ultrathin metalenses into focus

For photographers and scientists, lenses are lifesavers. They reflect and refract light, making possible the imaging systems that drive discovery through the microscope and preserve history through cameras.

But today's glass-based lenses are bulky and resist miniaturization. Next-generation technologies, such as ultrathin cameras or tiny microscopes, require...

Im Focus: Stem cell divisions in the adult brain seen for the first time

Scientists from the University of Zurich have succeeded for the first time in tracking individual stem cells and their neuronal progeny over months within the intact adult brain. This study sheds light on how new neurons are produced throughout life.

The generation of new nerve cells was once thought to taper off at the end of embryonic development. However, recent research has shown that the adult brain...

Im Focus: Interference as a new method for cooling quantum devices

Theoretical physicists propose to use negative interference to control heat flow in quantum devices. Study published in Physical Review Letters

Quantum computer parts are sensitive and need to be cooled to very low temperatures. Their tiny size makes them particularly susceptible to a temperature...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

2nd International Conference on High Temperature Shape Memory Alloys (HTSMAs)

15.02.2018 | Event News

Aachen DC Grid Summit 2018

13.02.2018 | Event News

How Global Climate Policy Can Learn from the Energy Transition

12.02.2018 | Event News

 
Latest News

Contacting the molecular world through graphene nanoribbons

19.02.2018 | Materials Sciences

When Proteins Shake Hands

19.02.2018 | Materials Sciences

Cells communicate in a dynamic code

19.02.2018 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>