TY - GEN
T1 - Exploiting Third-party SDK Sensitive Data Leakage
AU - Ye, Hong Bao
AU - Weng, Hsiang Yang
AU - Jiau, Hewijin Christine
N1 - Funding Information:
VII. ACKNOWLEDGMENTS This paper was partially supported by Ministry of Science and Technology of R.O.C. under grant number MOST109-2221-E006-164.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/12
Y1 - 2020/12
N2 - Data leakage is a critical threat to app developers because apps use and reserve a variety of sensitive data collected from users. While using third-party SDK is a common way to build apps, some accessed data may not be perceived by app developers. Therefore, the use of third-party SDKs may cause data leakage. This work proposes a platform named "WaRning-Awareness Platform"(WRAP). WRAP records profiles of SDKs, and reveals sensitive data accessed by SDKs. To demonstrate the data leakage caused by third-party SDKs, this work conducts a case study with various categories of Android apps. The result of our case study indicates that if app developers do not pay attention to the accessed data, the data would be leaked.
AB - Data leakage is a critical threat to app developers because apps use and reserve a variety of sensitive data collected from users. While using third-party SDK is a common way to build apps, some accessed data may not be perceived by app developers. Therefore, the use of third-party SDKs may cause data leakage. This work proposes a platform named "WaRning-Awareness Platform"(WRAP). WRAP records profiles of SDKs, and reveals sensitive data accessed by SDKs. To demonstrate the data leakage caused by third-party SDKs, this work conducts a case study with various categories of Android apps. The result of our case study indicates that if app developers do not pay attention to the accessed data, the data would be leaked.
UR - http://www.scopus.com/inward/record.url?scp=85102167596&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85102167596&partnerID=8YFLogxK
U2 - 10.1109/ICS51289.2020.00101
DO - 10.1109/ICS51289.2020.00101
M3 - Conference contribution
AN - SCOPUS:85102167596
T3 - Proceedings - 2020 International Computer Symposium, ICS 2020
SP - 485
EP - 490
BT - Proceedings - 2020 International Computer Symposium, ICS 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 International Computer Symposium, ICS 2020
Y2 - 17 December 2020 through 19 December 2020
ER -