Understanding the Behaviour of Privacy in Mobile Apps and Detecting Privacy Leaks

Sumit Kumar
Asst. Prof, Department of Computer Science & Engineering
The Northcap University, Gurugram, India
mail.sumitkumar30@gmail.com

Ravi Shanker
Asst. Prof, Department of Computer Science & Engineering
Lovely Professional University, Phagwara, India
ravishanker20@gmail.com

Abstract: With the advent of smartphones, the mobile application industry has become one of the fastest growing industries today. Every now and then, we hear about a new app being launched. However, besides providing information such as news, fun and amusement services, these apps can also intrude on your privacy. One of the most common examples of this trend is the permissions users are asked to grant when they download an app. Several studies have suggested that users pay little attention when granting permissions to these apps. The main purpose of our research is to understand why apps make these permission requests, by analyzing app traffic and how apps collect sensitive information such as the phone's IMEI number or location for advertisement, tracking, or analytical purposes. To address this issue, we have developed Network Privacy Monitor (NPM), a tool with active network monitoring and context-aware network filtering capabilities. With this tool, a user can block any app that uses personal or confidential data in a specified context. Our work is a small contribution towards strengthening the existing Android security framework.

Keywords: Android security; mobile apps; privacy leaks; traffic analysis; sensitive information; advertisement

I. INTRODUCTION

The smartphone user base has grown rapidly over the last couple of years. As smartphone ownership has grown, mobile app platforms have become very prominent, giving users the liberty to download many types of applications, ranging from entertainment to work, from their app stores [1] onto their mobile phones.
A survey done in June 2016 showed that Google's app store offered more than 2,200,000 apps; similarly, Apple provides more than 1 million apps in its store. Mobile apps can use numerous capabilities of a smartphone, ranging from making a simple call to reading the user's location, and thereby provide users with relevant services and striking features. Access to these valuable services and features inevitably opens the door to different types of security and privacy invasions. One clear problem is malware; another severe issue is that smartphone users are, in general, neither fully aware of nor in full control of how these apps access and transmit their private information. For example, the KMPlayer app gathers data regarding the device ID and call information, which can make users very uncomfortable. In fact, studies [3] have suggested that customers have very little or no understanding of this sensitive information. Many studies have shown that a stunningly high percentage of mobile applications can access users' personal information without their consent and may threaten their privacy. A recent study found that more than 30 of the 160 Android apps examined send geographical data to remote ad servers without the user's awareness. Many of these malicious apps also send the phone's unique IMEI, and even the actual cell number and serial number, to app sellers. All this information helps advertisers and sellers build a complete and exclusive profile of your interests, likes and dislikes, the locations you visit while carrying your mobile phone, your social site surfing habits and much more.
One renowned music app came under federal examination [8] for collecting its customers' locality, gender, date of birth, and unique cell phone number (such as the IMEI) and sending this information to third-party servers such as advertisers [2,3]. Social networking applications like Facebook and Path have been caught time and again uploading their users' entire contact lists to their servers, which greatly astonished the whole world and called their trustworthiness into question. Our main aim is to provide important and useful information to end users so as to narrow the gap between users' privacy preferences and privacy research.

2019 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT). 978-1-7281-0283-2/19/$31.00 ©2019 IEEE
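
The check the abstract describes, spotting the IMEI or location in an app's outgoing traffic and then blocking per app, looks like this in code. This is an added example, not NPM's code: the device values, package names, hosts and policy table are constructed, and requests are assumed to reach the monitor in cleartext. It goes beyond the plain-text case by also matching MD5, SHA-1 and SHA-256 hashes of each value.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

# Constructed sample values, not real device data.
DEVICE = {"imei": "490154203237518", "location": "28.4595,77.0266"}

# Hypothetical per-app policy: data types the user lets each app transmit.
POLICY = {"com.example.maps": {"location"}, "com.example.player": set()}


def encodings(value):
    """Forms an identifier may take on the wire: plain text or a common hash."""
    raw = value.encode()
    forms = {"plain": value.lower()}
    for algo in ("md5", "sha1", "sha256"):
        forms[algo] = hashlib.new(algo, raw).hexdigest()
    return forms


def find_leaks(url, body=""):
    """Return sorted (data_type, encoding, parameter) hits for one request."""
    # parse_qsl percent-decodes, so URL-encoded values are matched as well.
    params = parse_qsl(urlsplit(url).query) + parse_qsl(body)
    hits = set()
    for name, sent in params:
        for dtype, value in DEVICE.items():
            for enc, needle in encodings(value).items():
                if needle in sent.lower():
                    hits.add((dtype, enc, name))
    return sorted(hits)


def decide(app, url, body=""):
    """Block a request carrying a data type the app's policy does not allow."""
    leaks = find_leaks(url, body)
    allowed = POLICY.get(app, set())  # unknown apps are allowed nothing
    verdict = "block" if any(d not in allowed for d, _, _ in leaks) else "allow"
    return verdict, leaks


# Constructed requests: (app, URL, form-encoded body).
REQUESTS = [
    ("com.example.player", "http://ads.example.net/track?v=2&did="
     + hashlib.md5(DEVICE["imei"].encode()).hexdigest(), ""),
    ("com.example.maps", "http://api.example.org/tiles?ll=28.4595%2C77.0266", ""),
    ("com.example.maps", "http://ads.example.net/v1",
     "imei=490154203237518&ll=28.4595%2C77.0266"),
]

if __name__ == "__main__":
    for app, url, body in REQUESTS:
        print(app, *decide(app, url, body))
```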