PhoneWrap - Injecting the "How Often" into Mobile Apps

Daniel Franzen, David Aspinall

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Mobile apps have access to a variety of sensitive resources and data. Current permission based policies guarding these resources are not expressive enough to distinguish the wanted functionality from malicious attacks. We present the tool PhoneWrap which inserts fine-grained ticket-based policies into mobile JavaScript apps written with the PhoneGap framework. Our policies grant a bounded number of accesses for each functionality based on the user’s interaction with the app. The policies are enforced without modification of the execution environment. We have applied PhoneWrap successfully to hand-crafted examples and real-world Android apps to show that accurate policies can be retrofitted.
Original languageEnglish
Title of host publicationProceedings of the 1st International Workshop on Innovations in Mobile Privacy and Security co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2016)
PublisherCEUR-WS.org
Pages11-19
Number of pages9
Publication statusPublished - Apr 2016
Event1st International Workshop on Innovations in Mobile Privacy and Security co-located with the International Symposium on Engineering Secure Software and Systems - London, United Kingdom
Duration: 6 Apr 20166 Apr 2016
http://ceur-ws.org/Vol-1575/

Publication series

NameCEUR Workshop Proceedings
PublisherCEUR-WS.org
Volume1575
ISSN (Print)1613-0073

Conference

Conference1st International Workshop on Innovations in Mobile Privacy and Security co-located with the International Symposium on Engineering Secure Software and Systems
Abbreviated titleIMPS 2016
Country/TerritoryUnited Kingdom
CityLondon
Period6/04/166/04/16
Internet address

Fingerprint

Dive into the research topics of 'PhoneWrap - Injecting the "How Often" into Mobile Apps'. Together they form a unique fingerprint.

Cite this