K. W. Au, Y. F. Zhou, Z. Huang, and D. Lie, PScout, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.217-228, 2012.
DOI : 10.1145/2382196.2382222

W. Enck, P. Gilbert, B. Chun, L. P. Cox, J. Jung et al., TaintDroid, OSDI, pp.1-6, 2010.
DOI : 10.1145/2619091

C. Gibler, J. Crussell, J. Erickson, and H. Chen, AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale, 2012.
DOI : 10.1007/978-3-642-30921-2_17

E. Mccallister, Guide to protecting the confidentiality of personally identifiable information, 2010.
DOI : 10.6028/NIST.SP.800-122

M. Ongtang, S. Mclaughlin, W. Enck, and P. Mcdaniel, Semantically rich applicationcentric security in android, pp.658-673, 2012.

F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang et al., User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, 2012 IEEE Symposium on Security and Privacy
DOI : 10.1109/SP.2012.24

G. Russello, FireDroid, Proceedings of the 29th Annual Computer Security Applications Conference on, ACSAC '13, pp.319-328, 2013.
DOI : 10.1145/2523649.2523678

M. Srivatsa and M. Hicks, Deanonymizing mobility traces, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.628-637, 2012.
DOI : 10.1145/2382196.2382262

H. Zang and J. Bolot, Anonymization of location data does not work, Proceedings of the 17th annual international conference on Mobile computing and networking, MobiCom '11, pp.145-156, 2011.
DOI : 10.1145/2030613.2030630

X. Zhou and . Demetriou, Identity, location, disease and more, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.1017-1028, 2013.
DOI : 10.1145/2508859.2516661

. Viber, The text file .userdata in .../.viber/ 5 reveals lots of user's information, including real name, phone number, and the path of user's profile photo

. Whatsapp, The user's profile photo is stored in .../.shared/ with file name tmpt. The profile photos of user's friends are saved under, Profile pictures/, and they are named by profile owners' phone numbers without any obfuscation

. Linkedin, This app cache the photos into the directory The user's profile photo can be distinguished by file size and modified time

. Kakaotalk, If user A has chatted with user B, the app will create a content folder with the same name in both users' phones, under the path, The files, i.e., photos, on the two phones also have the same name, size and the same path

Q. Tencent, User's account can be got from log files in the path

. Weibo, A file named as user's UID is saved under the path .../page, and we can acquire the user's username and her email address. User's username and UID can be leveraged to access her homepage by constructing specific URLs

. Alipay, User's phone number can be obtained from the meta file in .../cache/, it also points out the other file which discloses the user's phone number

. Renren, Even user' visit histories are also stored in this folder, which contains the name, UID of user's friends. The audio files are named as the format UID+hash value. We can find the user's personal home page by the URL http

. Momo, A folder named as user's account is saved in By the account, we can not only get her profile information, but also infer her location

. Easychat, The file pjsip log.txt in /Yixin/log/ contains all the call records information. Audio files. Instant message apps, like WhatsApp, QQ, and KakaoTalk, store the audio files into public storage without encryption