In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments

TL;DR

This paper introduces a tool chain for in-vivo bytecode instrumentation on Android smartphones to enhance privacy, demonstrating its feasibility through two prototypes that improve permission control and ad removal.

Contribution

It presents a novel tool chain enabling runtime bytecode instrumentation directly on Android devices, addressing privacy concerns with practical prototypes.

Findings

Tool chain runs efficiently on smartphones

Prototypes improve user privacy and control

Challenges for real-world deployment identified

Abstract

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: BetterPermissions, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation.