Users are increasingly expected to manage a wide range of security and privacy settings. An important example of this trend is the variety of users might be called upon to review permissions when they download mobile apps. Experiments have shown that most users struggle with reviewing these permissions. Earlier research efforts in this area have primarily focused on protecting users ’ privacy and security through the development of analysis tools and extensions intended to further increase the level of control provided to users with little regard for human factor considerations. This thesis aims to address this gap through the study of user mobile app privacy preferences with the dual objective of both simplifying and enhancing mobile app privacy decision interfaces. Specifically, we combine static code analysis, crowdsourcing and machine learning techniques to elicit people’s mobile app privacy preferences. We show how the resulting preference models can inform the design of interfaces that offer the promise of alleviating user burden when it comes to reviewing the permissions requested by mobile apps. Our contribution is threefold. First, we provide the first large-scale, indepth

Abstract—Smartphones represent the most serious threat to user privacy of any widely-deployed computing technology because these devices are always on and always connected, making them the perfect candidate to know most about the owner. Unfortunately, existing permission models provide smartphone users with limited protection, in part due to the difficulty to users in distinguishing between legitimate and illegitimate use of their data; for example, a mapping app may upload the same location information it uses to download maps (legitimate) to a marketing agency interested in delivering location-based ads (illegitimate). As a result, smartphone users find themselves forced to make burdensome and error-prone tradeoffs between app functionality and privacy. To combat this, we propose a new approach called PocketMocker. By allowing substitution of real data streams with artificial or mocked data, PocketMocker allows users to manipulate impressions of their behavior in well-defined ways, such as appearing more fit, more social, or more on-time than they actually are. Instead of focusing on privacy, we explore providing users with better management of their smartphone-derived digital identities. We discuss the design of PocketMocker, which uses user-initiated context trace recording and replay to enable objective-driven context mocking. Our evaluation shows that users want to use PocketMocker, that PocketMocker can mock popular smartphone apps, and that PocketMocker is usable. I.

Abstract — Short Message Service (SMS) is a text messaging service component of phone, web, or mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between fixed line or mobile phone devices. Security of SMS’s is still an open challenging task. Various Cryptographic algorithms have been applied to secure the mobile SMS. The success of any cryptography technique depends on various factors like complexity, time, memory requirement, cost etc. In this paper we survey the most common and widely used SMS Encryption techniques. Each has its own advantages and disadvantages. Recent trends on Cryptography on android message applications have also been discussed. The latest cryptographic algorithm is based on lookup table and dynamic key which is easy to implement and to use and improve the efficiency. In this paper, an improvement in lookup table and dynamic algorithm is proposed. Rather than using the Static Lookup Table, Dynamic Lookup Table may be used which will improve the overall efficiency. Keywords- SMS, AES, DES, Blowfish, RSA, 3DES, LZW. I.

Android mobile devices are enjoying a lion’s market share in smartphones and mobile devices. This also attracts malware writers to target the Android platform. Recently, we have discovered a new Android malware distribution channel: re-leasing malicious firmwares with pre-installed malware to the wild. This poses significant risk since users of mobile de-vices cannot change the content of the malicious firmwares. Furthermore, pre-installed applications have “more permis-sions ” (i.e., silent installation) than other legitimate mobile apps, so they can download more malware or access users’ confidential information. To understand and address this new form of malware dis-tribution channel, we design and implement “DroidRay”: a security evaluation system for customized Android firmwares. DroidRay uses both static and dynamic analyses to evalu-ate the firmware security on both the application and system levels. To understand the impact of this new malware dis-tribution channel, we analyze 250 Android firmwares and 24,009 pre-installed applications. We reveal how the mali-cious firmware and pre-installed malware are injected, and discovered 1,947 (8.1%) pre-installed applications have sig-nature vulnerability and 19 (7.6%) firmwares contain pre-installed malware. In addition, 142 (56.8%) firmwares have the default signature vulnerability, five (2.0%) firmwares contain malicious hosts file, at most 40 (16.0%) firmwares have the native level privilege escalation vulnerability and at least 249 (99.6%) firmwares have the Java level privi-lege escalation vulnerability. Lastly, we investigate a real-world case of a pre-installed zero-day malware known as CEPlugnew, which involves 348,018 infected Android smart-phones, and we show its degree and geographical penetra-tion. This shows the significance of this new malware distri-bution channel, and DroidRay is an effective tool to combat this new form of malware spreading. 1.