Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

New approach uncovers data abuse on mobile end devices

05.07.2012
Increasingly often, mobile applications on web-enabled mobile phones and tablet computers do more than they appear to.

In secrecy, the “apps” forward private data to a third party. Computer scientists from Saarbrücken have developed a new approach to prevent this data abuse. They can put a stop to the data theft through the app “SRT AppGuard”.

The chief attraction: For the protection to work, it is not necessary to identify the suspicious programs in advance, nor must the operating system be changed. Instead, the freely available app attacks the program code of the digital spies.

“My smartphone knows everything about me, starting with my name, my phone number, my e-mail address, my interests, up to my current location,” explains computer science professor Michael Backes, who manages the Center for IT-Security, Privacy and Accountability at Saarland University. “It even knows my friends quite well, as it saves their contact details, too,” says Backes. Therefore he is not surprised that several mobile applications, also known as apps, display simple functionality up front, while in the background, they send the identification number of the device, the personal whereabouts of the user, or even the contact details of friends, colleagues and customers to a server somewhere in the internet.

The producers of anti-virus software have been making vivid predictions of such scenarios for some time now; in the meantime, scientific studies also prove the threat. A study from the University of California in Santa Barbara (US) concluded that among 825 examined apps for the iPhone and its operating system iOS, 21 percent forward the ID number, four percent the current position, and 0.5 percent even copy the address book.

Michael Backes and his team of researchers now bring this abuse to an end. Their approach focuses on Android. It is the most common operating system for smartphones and tablet computers. Developed by the Google software group, this freely available operating system is used by several mobile phone manufacturers, and since November 2011 is activated daily on more than 700,000 devices.

However, Android is known for its rigorous policy on assignment of privileges. If a user wants to install a downloaded app, he learns via a list which access rights to data (location, contacts, photos) and functions (Internet, locating) will be claimed by that app. Now he has two options: Either he accepts all conditions, or the app will not be installed. After the installation, the privileges cannot be revoked. “Moreover, many developers generally claim all rights for their app because the concept of privileges of Android is misleading, but they want to ensure the smooth functioning of their app nevertheless,” explains Philipp von Styp-Rekowsky, PhD student at the chair in IT security and cryptography.

This “sink-or-swim” strategy is put to rest by the researcher from Saarbrücken. The app “SRT AppGuard” based on their approach determines, for every application installed on a smartphone, what it accesses, and shows this information to the user. Privileges can now be revoked or granted to the respective app at any time. The researchers have already published the app on the platform “Google Play”. It can be downloaded there for free. It runs problem-free on Android 3.x.x and higher. The development of the app has been taken on by the enterprise Backes SRT, which was founded by Backes in 2010. It is also located on the campus in Saarbrücken.

Computer Science on the Saarland University Campus
Apart from the Saarland University chair in computer science and the Center for IT-Security, Privacy and Accountability, the German Research Center for Artificial Intelligence, the Max Planck Institute for Computer Science, the Max Planck Institute for Software Systems, the Center for Bioinformatics, the Intel Visual Computing Institute and the Cluster of Excellence on “Multimodal Computing and Interaction” can also be found there.
Technical background

For their approach, the Saarbrücken researchers use the fact that the Android apps work in a so-called virtual machine, which is written in the computer language Java. Therefore the apps are saved on the smartphone as executable “bytecode” after installation. That’s when SRT AppGuard comes into play. While the suspicious app is running, it is checking its bytecode for the security-sensitive instructions, which it had been programmed to do by the experts from Saarbrücken. It adds a special control code in front of the suspect comment or procedure. This is only necessary once, as the secured bytecode replaces the original one afterwards. This overwriting process usually only takes a few seconds and a small number of lines of additional code. The computer scientists have reviewed 13 apps, among them the popular game “Angry Birds”, the music identifying app “Shazam” and the social-media apps “Facebook” and “What’s app”. For the app belonging to the microblogging service Twitter, for example, it needs 16.7 seconds and 48 additional lines of code. “It is just as in an art museum ,” explains Styp-Rekoswky, “Instead of checking every visitor, you only provide the most valuable paintings with an invisible alarm function.”

But the Saarbrücken app can do even more than just providing alerts. It is also able to block suspicious requests or change them so they cannot do any harm. “Thus, we can also prevent the use of known security vulnerabilities of the respective apps or Android operating system,” adds Professor Michael Backes. This possibility is very important if the manufacturer cannot provide security fixes in time,” says the professor.

See also:
The App on Google Play Store
https://play.google.com/store/apps/details?id=com.srt.appguard.mobile

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei and Philipp von Styp-Rekowsky: The Android Monitor – Real-time policy enforcement for third-party applications

http://www.infsec.cs.uni-saarland.de/projects/android-monitor/android-monitor.pdf


Center for IT-Security, Privacy and Accountability (CISPA)
http://www.cispa-security.de

For further information please contact:

Professor Dr. Michael Backes
Chair CISPA
Phone: +49 681 302-3259
E-Mail: backes@cispa.uni-saarland.de

Sebastian Gerling
Administrative manager CISPA
Phone: +49 681 302-57373
E-Mail: sgerling@cispa.uni-saarland.de

Editing:

Gordon Bolduan

Scientific Communicator
Phone: +49 681 302-70741
E-Mail: gbolduan@mmci.uni-saarland.de

Saar - Uni - Presseteam | Universität des Saarlandes
Further information:
http://www.uni-saarland.de

More articles from Information Technology:

nachricht Multifunctional e-glasses monitor health, protect eyes, control video game
28.05.2020 | American Chemical Society

nachricht Researchers incorporate computer vision and uncertainty into AI for robotic prosthetics
28.05.2020 | North Carolina State University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: K-State study reveals asymmetry in spin directions of galaxies

Research also suggests the early universe could have been spinning

An analysis of more than 200,000 spiral galaxies has revealed unexpected links between spin directions of galaxies, and the structure formed by these links...

Im Focus: New measurement exacerbates old problem

Two prominent X-ray emission lines of highly charged iron have puzzled astrophysicists for decades: their measured and calculated brightness ratios always disagree. This hinders good determinations of plasma temperatures and densities. New, careful high-precision measurements, together with top-level calculations now exclude all hitherto proposed explanations for this discrepancy, and thus deepen the problem.

Hot astrophysical plasmas fill the intergalactic space, and brightly shine in stellar coronae, active galactic nuclei, and supernova remnants. They contain...

Im Focus: Biotechnology: Triggered by light, a novel way to switch on an enzyme

In living cells, enzymes drive biochemical metabolic processes enabling reactions to take place efficiently. It is this very ability which allows them to be used as catalysts in biotechnology, for example to create chemical products such as pharmaceutics. Researchers now identified an enzyme that, when illuminated with blue light, becomes catalytically active and initiates a reaction that was previously unknown in enzymatics. The study was published in "Nature Communications".

Enzymes: they are the central drivers for biochemical metabolic processes in every living cell, enabling reactions to take place efficiently. It is this very...

Im Focus: New double-contrast technique picks up small tumors on MRI

Early detection of tumors is extremely important in treating cancer. A new technique developed by researchers at the University of California, Davis offers a significant advance in using magnetic resonance imaging to pick out even very small tumors from normal tissue. The work is published May 25 in the journal Nature Nanotechnology.

researchers at the University of California, Davis offers a significant advance in using magnetic resonance imaging to pick out even very small tumors from...

Im Focus: I-call - When microimplants communicate with each other / Innovation driver digitization - "Smart Health“

Microelectronics as a key technology enables numerous innovations in the field of intelligent medical technology. The Fraunhofer Institute for Biomedical Engineering IBMT coordinates the BMBF cooperative project "I-call" realizing the first electronic system for ultrasound-based, safe and interference-resistant data transmission between implants in the human body.

When microelectronic systems are used for medical applications, they have to meet high requirements in terms of biocompatibility, reliability, energy...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

Dresden Nexus Conference 2020: Same Time, Virtual Format, Registration Opened

19.05.2020 | Event News

Aachen Machine Tool Colloquium AWK'21 will take place on June 10 and 11, 2021

07.04.2020 | Event News

International Coral Reef Symposium in Bremen Postponed by a Year

06.04.2020 | Event News

 
Latest News

An MRI technique has been developed to improve the detection of tumors

03.06.2020 | Medical Engineering

K-State study reveals asymmetry in spin directions of galaxies

03.06.2020 | Physics and Astronomy

The cascade to criticality

03.06.2020 | Physics and Astronomy

VideoLinks
Science & Research
Overview of more VideoLinks >>>