ARTICLE | doi:10.20944/preprints202009.0161.v1
Subject: Engineering, General Engineering Keywords: Smartphone; cloud; privacy; framework; mobile privacy; blockchain; permission system; data security; Android OS; Zygote; Dalvik VM
Online: 7 September 2020 (08:53:02 CEST)
The Smartphone industry has expanded significantly over the last few years. According to the available data, each year, a marked increase in the number of devices in use is observed. Most consumers opt for Smartphones due to the extensive number of software applications that can be downloaded on their devices, thus increasing their functionality. However, this growing trend of application installation brings an issue of user protection, as most applications seek permission to access data on a user’s device. The risks this poses to sensitive data is real to both corporate and individual users. While Android has grown in popularity, this trend has not been followed by the efforts to increase the security of its users. This is a well-known set of problems, and prior solutions have approached it from the ground up; that is, they have focused on implementing reasonable security policies within the Android’s open-source kernel. While these solutions have achieved the goals of improving Android with such security policies, they are severely hampered by the way in which they have implemented them. In this work, a framework referred to as CenterYou is proposed to overcome these issues. It applies a pseudo data technique and a cloud-based decision-making system to scan and protect Smartphone devices from unnecessarily requested permissions by installed applications and identifies potential privacy leakages. The current paper demonstrated all aspects of the CenterYou application technical design. The work presented here provides a significant contribution to the field, as the technique based on pseudo data is used in the actual permissions administration of Android applications. Moreover, this system is user and cloud-driven, rather than being governed by over-privileged applications.