Revisiting Stealthy Sensitive Information Collection from Android Apps

In recent years, most countries and territories have put in place strict regulations for user privacy protection. Checking and monitoring the privacy policy compliance of mobile applications has thus become essential for users, app developers and device manufacturers. Nonetheless, this is a challenging task, as modern mobile operating systems like Android contain multiple channels through which third-party apps can obtain sensitive information. Besides the official APIs that are regulated by its permission system, apps can exploit other channels such as native calls, Java reflection, Binder services, WebView and even vulnerabilities. Existing techniques based on static and dynamic analysis often fail to cover all possible channels. Network traffic analysis is also ineffective when the sensitive data are sent after encryption.

In this session, we will address this challenging task using a low-level detection method…..

By: Guangdong Bai, Guangshuai Xia, Qing Zhang

Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/briefings/schedule/#revisiting-stealthy-sensitive-information-collection-from-android-apps-31059