Abstract

An Android app can collaborate with other apps by using an intent. It can also control personal information or use permissions granted by a user. However, users cannot detect when their apps communicates with other apps. Therefore, they might not be aware of any information leakage if an app happens to be malware. In this paper, we propose a method for tracking and visualizing the diffusion of sensitive information and preventing its leakage on an Android device. This method, which we call DroidTrack, alerts a user that there is the possibility of information leakage when an app uses APIs (Application Program Interfaces) to communicate externally. These alerts are triggered only if the app has already called APIs to collect sensitive information. Users are given the option to refuse the execution of the API if it is not appropriate. Furthermore, by illustrating how their personal data is shared, users are provided with the necessary information to help them decide whether an API call is appropriate.