DiOS: Dynamic Privacy Analysis of iOS Applications

Abstract

We present DiOS, a practical system to perform automated dynamic privacy analysis of iOS apps. DiOS provides a highly scalable and fully automated solution to schedule apps from the official Apple App Store for privacy analysis to iOS devices. While apps are automatically executed, user interaction is simulated using random and smart execution strategies, and sensitive API calls as well as network connections are tracked. We evaluated the system on 1,136 of the most popular free apps from the iOS App Store and found out that almost 20% of all investigated apps are tracking users’ locations on every app start, one third of all accesses to users’ address books are attributed to apps from the social network category and almost half of all apps are tracking users’ app usage behavior by incorporating tracking and advertising libraries.

Publication
Friedrich-Alexander-Universität Erlangen-Nürnberg, Dept. of Computer Science, Technical Reports, CS-2014-03, June 2014
Date