Pervasive and Mobile Computing 8 (2012) 402–414

A location-based policy-specification language for mobile devices

Joshua Finnis, Nalin Saigal, Adriana Iamnitchi, Jay Ligatti *

Department of Computer Science and Engineering, University of South Florida, 4202 E. Fowler Ave., ENB 118, Tampa, FL 33620, United States

Article history: Received 25 March 2010; received in revised form 9 November 2010; accepted 14 November 2010; available online 19 November 2010

Keywords: Policy-specification languages; Location-dependent policies; Mobile devices; Security and privacy

Abstract

The dramatic rise in mobile applications has greatly increased threats to the security and privacy of users. Security mechanisms on mobile devices are currently limited, so users need more expressive ways to ensure that downloaded mobile applications do not act maliciously. Policy-specification languages were created for this purpose; they allow the enforcement of user-defined policies on third-party applications. We have implemented LoPSiL, a location-based policy-specification language for mobile devices. This article describes LoPSiL’s design and implementation, several example policies, and experiments that demonstrate LoPSiL’s viability for enforcing policies on mobile devices.

© 2010 Elsevier B.V. All rights reserved.

1. Introduction

The widespread adoption of mobile devices and their rich computational and communication capabilities has led to a plethora of applications for mobile platforms. Apple’s App Store for the iPhone is the most prominent example of this, containing over 130,000 applications [1] only a year and a half after launch, with a total of over 3 billion mobile applications downloaded [2]. The Android Market, which was developed by Google for their Android mobile operating system, lists over 30,000 applications as of March 2010 [3].
It is projected that 8 billion mobile application downloads will occur during 2010 across all mobile platforms [4]. The producers of such applications range from large companies to individual hobbyists who mostly provide no guarantee and no accountability for the quality and security of their product.

In particular, mobile devices have unprecedented access to private, personal information through the use of location services such as GPS. The security infrastructure of mobile devices such as roaming laptops, cell phones, and PDAs, does not include sufficient control over how location information is accessed by applications. On current mobile application platforms, users have no more information than a description of the application from the developers and comments from other users, which can easily be gamed. Many users simply do not think of their mobile device as a PC – despite the current generation mobile chipsets being as powerful as PC chipsets of only 10 years ago [5] – and do not realize that they need to protect their mobile devices against applications just as they do PCs.

We identify two security risks that may occur from running untrusted mobile applications on mobile devices:

1. Developers may insert code into an application a user would have no reason to question. Such an application could, for example, access personal information from the address book of a smartphone, retrieve photos taken by a camera, take new photos, or access the user’s location using the GPS API. The user’s location and other personal information could then be sent to an unknown server through a Wi-Fi or 3G connection, all without the user’s knowledge. In fact, a 2010 study of 30 popular third-party Android applications found that half shared location data with advertisement servers without user consent [6].

* Corresponding author. Tel.: +1 813 974 0908; fax: +1 813 974 5456.
E-mail addresses: jfinnis@mail.usf.edu (J. Finnis), nsaigal@cse.usf.edu (N. Saigal), anda@cse.usf.edu (A. Iamnitchi), ligatti@cse.usf.edu (J. Ligatti).
doi:10.1016/j.pmcj.2010.11.003