Analyzing Data Leakage Using Third Party Connections in Mobile Applications

Abstract

In previous few years, an incredible growth is witnessed in the popularity and pervasiveness of smart phones. And also it has seen that new mobile applications are built day by day. These applications provide users functionality like social networking apps, games, and many more. Some of the mobile applications might be having a direct purchasing cost or be free but having an ad-support for revenue and in return these apps provide users’ private data to ad provider without users consent. Worryingly, some of ad libraries ask for permissions beyond the requirement and additional ones listed in their documentation. Some apps also track users by a network sniffer across ad providers and its applications. Though from security point of view, users have right to know if someone is taking their private data. It is often ineffective at conveying meaningful, useful information on how a user’s privacy might be impacted by using an application.

In this research work, the effect on user privacy of some grossing Android apps was examined that includes apps which provide private data of user without their permission. Android device is firstly rooted for this work and then made some useful changes to collect the required traffic from different applications. On basis of certain parameters, traffic is analyzed and effective results concluded. Using third party connections that an app makes, a threshold is defined to know about legitimacy of application. Some other parameters were also added to check whether an app is stealing users’ private information.