FlowIntent: Detecting Privacy Leakage from User Intention to Network Traffic Mapping

TL;DR

FlowIntent is a novel system that detects user-intended location-related network transmissions on Android, outperforming existing methods by capturing missed sensitive data leaks with high accuracy.

Contribution

This work introduces a user-centric approach to identify suspicious location transmissions, improving detection accuracy and adaptability over traditional host-based or program analysis methods.

Findings

Achieves about 91% accuracy in detecting illegitimate location transmissions.

Captures sensitive transmissions missed by state-of-the-art taint analysis systems.

Effectively identifies user-intended data leaks in real-world app data.

Abstract

The exponential growth of mobile devices has raised concerns about sensitive data leakage. In this paper, we make the first attempt to identify suspicious location-related HTTP transmission flows from the user's perspective, by answering the question: Is the transmission user-intended? In contrast to previous network-level detection schemes that mainly rely on a given set of suspicious hostnames, our approach can better adapt to the fast growth of app market and the constantly evolving leakage patterns. On the other hand, compared to existing system-level detection schemes built upon program taint analysis, where all sensitive transmissions as treated as illegal, our approach better meets the user needs and is easier to deploy. In particular, our proof-of-concept implementation (FlowIntent) captures sensitive transmissions missed by TaintDroid, the state-of-the-art dynamic taint analysis system on Android platforms. Evaluation using 1002 location sharing instances collected from more than 20,000 apps shows that our approach achieves about 91% accuracy in detecting illegitimate location transmissions.