AnFlo: Detecting Anomalous Sensitive Information Flows in Android Apps
Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar

TL;DR
AnFlo is a novel method for detecting anomalous sensitive data flows in Android apps by grouping trusted apps by functionality and comparing their data handling patterns, improving accuracy over existing approaches.
Contribution
It introduces a topic-based grouping approach to learn normal data flows, enabling more accurate anomaly detection tailored to app functionalities.
Findings
Identified 2 previously unknown vulnerable apps.
Detected anomalies in 6 out of 18 malware apps.
Learned from 11,796 trusted apps.
Abstract
Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled by an app which is vulnerable or malicious. Existing approaches that detect anomalous sensitive data flows have limitations in terms of accuracy because the definition of anomalous flows may differ for different apps with different functionalities; it is normal for "Health" apps to share heart rate information through the Internet but is anomalous for "Travel" apps. In this paper, we propose a novel approach to detect anomalous sensitive data flows in Android apps, with improved accuracy. To achieve this objective, we first group trusted apps according to the topics inferred…
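The abstract's Health versus Travel contrast, as an added sketch that is not AnFlo's own implementation: flows are profiled per functional group, and an app under test is compared only against its own group. Group labels are given here rather than inferred from topics, and the source/sink names, sample apps and the `min_support` threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: (app, functional group, set of (source, sink) flows).
TRUSTED = [
    ("fit1", "Health", {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}),
    ("fit2", "Health", {("HEART_RATE", "INTERNET")}),
    ("fit3", "Health", {("HEART_RATE", "INTERNET"), ("HEART_RATE", "FILE")}),
    ("trip1", "Travel", {("LOCATION", "INTERNET")}),
    ("trip2", "Travel", {("LOCATION", "INTERNET"), ("CONTACTS", "INTENT")}),
    ("trip3", "Travel", {("LOCATION", "INTERNET")}),
]


def learn_profiles(trusted):
    """For each group, the fraction of its trusted apps that exhibit each flow."""
    counts, sizes = defaultdict(Counter), Counter()
    for _app, group, flows in trusted:
        sizes[group] += 1
        counts[group].update(flows)
    return {g: {f: n / sizes[g] for f, n in c.items()} for g, c in counts.items()}


def anomalous_flows(profiles, group, flows, min_support=0.5):
    """Flows of the app under test that fewer than min_support of the
    trusted apps in the same group exhibit (hypothetical threshold)."""
    if group not in profiles:
        # No baseline for this functionality: refuse rather than report "clean".
        raise ValueError(f"no trusted profile for group {group!r}")
    profile = profiles[group]
    return sorted(f for f in flows if profile.get(f, 0.0) < min_support)


if __name__ == "__main__":
    profiles = learn_profiles(TRUSTED)
    under_test = {("HEART_RATE", "INTERNET"), ("LOCATION", "INTERNET")}
    for group in ("Health", "Travel"):
        print(group, anomalous_flows(profiles, group, under_test))
```

A flagged flow is a lead for manual review of the app, not a verdict that it is malicious.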
