MORPHDROID: Fine-grained privacy verification

Abstract

Mobile devices are rich in sensors, such as a Global Positioning System (GPS) tracker, microphone and camera, and have access to numerous sources of personal information, including the device ID, contacts and social data. This richness increases the functionality of mobile apps, but also creates privacy threats. As a result, different solutions have been proposed to verify or enforce privacy policies. A key limitation of existing approaches is that they reason about privacy at a coarse level, without accounting for declassification rules, such that the location for instance is treated as a single unit of information without reference to its many fields. As a result, legitimate app behaviors - such as releasing the user's city rather than exact address-are perceived as privacy violations, rendering existing analyses overly conservative and thus of limited usability. In this paper, we present MORPHDROID, a novel static analysis algorithm that verifies mobile applications against fine-grained privacy policies. Such policies define constraints over combinations of fine-grained units of private data. Specifically, through a novel design, MORPHDROID tracks flows of fine-grained privacy units while addressing important challenges, including (i) detection of correlations between different units (e.g. longitude and latitude) and (ii) modeling of semantic transformations over private data (e.g. conversion of the location into an address). We have implemented MORPHDROID, and present a thorough experimental evaluation atop a comprehensive benchmark suite for Android static and dynamic analyses (DroidBench), as well as the 500 top-popular Google Play applications in 2014. Our experiments involve a spectrum of 5 security policies, ranging from a strict coarse-grained policy to a more realistic fine-grained policy that accounts for declassification rules. The experiment on DroidBench shows that MORPHDROID achieves precision and recall scores of over 90%. The experiments on popular apps show that the gap between policies is dramatic, the most conservative policy yielding warnings on 171 of the applications (34%), and the more realistic policy flagging only 4 of the applications as misbehaved (< 1%). In addition, MORPHDROID exhibits good performance with an average analysis time of < 20 seconds, where on average apps consist of 1.4M lines of code.