ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic

Abstract : It is well known that apps running on mobile devices extensively track and leak users' personally identifiable information (PII); however, these users have little visibility into PII leaked through the network traffic generated by their devices, and have poor control over how, when and where that traffic is sent and handled by third parties. In this paper, we present the design, implementation, and evaluation of ReCon: a cross-platform system that reveals PII leaks and gives users control over them without requiring any special privileges or custom OSes. ReCon leverages machine learning to reveal potential PII leaks by inspecting network traffic, and provides a visualization tool to empower users with the ability to control these leaks via blocking or substitution of PII. We evaluate ReCon's effectiveness with measurements from controlled experiments using leaks from the 100 most popular iOS, Android, and Windows Phone apps, and via an IRB-approved user study with 92 participants. We show that ReCon is accurate, efficient, and identifies a wider range of PII than previous approaches.
Document type :
Conference papers
Complete list of metadatas

Cited literature [49 references]  Display  Hide  Download

https://hal.inria.fr/hal-01386899
Contributor : Arnaud Legout <>
Submitted on : Monday, October 24, 2016 - 6:10:51 PM
Last modification on : Thursday, January 11, 2018 - 4:48:48 PM

File

recon-mobisys2016.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Jingjing Ren, Ashwin Rao, Martina Lindorfer, Arnaud Legout, David Choffnes. ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, ACM, Jun 2016, Singapore, Singapore. pp.361 - 374, ⟨10.1145/2906388.2906392⟩. ⟨hal-01386899⟩

Share

Metrics

Record views

282

Files downloads

260