COMP527 Final Project Proposal
By Cen Chen, Yijie Li, Nithya Renganathan
Problem Description
Mobile security is becoming an increasingly concerned issue every day as more mobile apps are available. Certain mobile apps can – on purpose – access to people’s personal information, like contacts list, current location. Facebook, for instance, would never accidentally share your contacts list with the world.
There are high potential threats for Android users as Android is a flexible layout framework allowing everyone to position elements relative to each other for free. App developers tend to choose this platform and we have no idea what their apps do in backend.
So CyanogenMod emerges, shedding light on what apps do in backend and making Android users manage their personal information on their device.
CyanogenMod is an open source firmware distribution for smart and tablet based on Android system.[1]
Recently, CyanogenMod has a new feature called Privacy Guard. This feature gives users better controls over apps and their permissions. In fact, Privacy Guard allows users to manage apps access permissions in the system. Now Privacy Guard moves forwards to 2.0 version, and CM is integrating something called “AppOps”: When permissions are denied for an app, AppOps gives the system the ability to revoke permissions and return empty data sets.[2]
Project Description
This project is to add a feature to Privacy Guard in CyanogenMod so that it can perform reports with privacy-related issues of installed apps to users, like recording the frequency of an app accessing to personal info, or what kinds of personal info.
Expected Features of this project include:
1. Check privacy-related behaviors of installed apps
2. Reports in pretty visual format on mobile phone
3. Scalable to adapt to different apps
4. Scalable to be developed on different devices, computer, phone e.g.
5. Pretty reports on different devices
Features are listed in priority order. We haven’t fully insight current features of Privacy Guard for now, so we may modify the specific features we intend to work on. But whatever the feature is, this priority order stays the same.
High-Level Overview of Approach
With the priority list, this project is expected to be developed in following steps:
• Install CyanogenMod; Be familiar with CyanogenMod and Privacy Guard
• Understand the source code of Privacy Guard: How Privacy Guard interacts with apps
• Take several installed apps on CyanogenMod as example, analysis their privacy-related behavior
• Write code to perform the new feature based on one app
• Get reports in pretty visual format
• Expand the project to adapt to more apps and evaluate the reports
• Make the project dynamic to be applied on different devices
• Pretty reports on all devices
• Documentation
Potential Outcomes
With this implementation, Android users can manage their personal info and use apps in a reasonable way. They can clearly see how often apps access to the privacy info and what kind of info are attacked though the attack may be denies by other features of Privacy Guard. According to the reports, they can choose to use or drop certain apps.
Reference:
[1] “CyanogenMod | Android Community Rom Based on Jelly Bean.” CyanogenMod. N.p., n.d. Web. 07 Oct. 2013.
[2] “CyanogenMod Updating to Privacy Guard 2.0 with New Features, Coming to CM 10.2.” Android Central. N.p., n.d. Web. 07 Oct. 2013.