{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T23:15:10Z","timestamp":1770333310916,"version":"3.49.0"},"reference-count":58,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2019,3,29]],"date-time":"2019-03-29T00:00:00Z","timestamp":1553817600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1618684"],"award-info":[{"award-number":["CNS-1618684"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2019,3,29]]},"abstract":"<jats:p>With the enormous popularity of smartphones, millions of mobile apps are developed to provide rich functionalities for users by accessing certain personal data, leading to great privacy concerns. To address this problem, many approaches have been proposed to detect privacy disclosures in mobile apps, but they largely fail to automatically determine whether the privacy disclosures are necessary for the functionality of apps. As a result, security analysts may easily face a large number of false positives when directly adopting such approaches for app analysis. In this paper, we propose LeakDoctor, an analysis system seeking to automatically diagnose privacy leaks by judging if a privacy disclosure from an app is necessary for some functionality of the app. Functionality-irrelevant privacy disclosures are not justifiable, and so are considered potential privacy leak cases. 
To achieve this goal, LeakDoctor integrates dynamic response differential analysis with static response taint analysis. In addition, it employs a novel technique to locate the program statements of each privacy disclosure. We implement a prototype of LeakDoctor and evaluate it against 1060 apps, which contain 2,095 known disclosure cases. Our experimental results show that LeakDoctor can automatically determine that 71.9% of the privacy disclosure cases indeed serve apps' functionalities and are justifiable. Hence, with the diagnosis results of LeakDoctor, analysts may avoid analyzing many justifiable privacy disclosures and only focus on those unjustifiable cases.<\/jats:p>","DOI":"10.1145\/3314415","type":"journal-article","created":{"date-parts":[[2019,4,2]],"date-time":"2019-04-02T11:57:40Z","timestamp":1554206260000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["LeakDoctor"],"prefix":"10.1145","volume":"3","author":[{"given":"Xiaolei","family":"Wang","sequence":"first","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California Santa Barbara, Department of Computer Science, University of California, Santa Barbara, Santa Barbara, USA"}]},{"given":"Yuexiang","family":"Yang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha, China"}]},{"given":"Yongzhong","family":"He","sequence":"additional","affiliation":[{"name":"School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China"}]},{"given":"Sencun","family":"Zhu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, The Pennsylvania State University, State College, Pennsylvania, 
USA"}]}],"member":"320","published-online":{"date-parts":[[2019,3,29]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2016. JustTrustMe. Online: https:\/\/github.com\/Fuzion24\/JustTrustMe. (2016)."},{"key":"e_1_2_1_2_1","unstructured":"2016. mitmproxy. Online: https:\/\/mitmproxy.org. (2016)."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40787-1_26"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818808"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2184489.2184500"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23140"},{"key":"e_1_2_1_9_1","volume-title":"International Conference on Security and Privacy in Communication Systems. Springer, 427--435","author":"Chandra Swarup","year":"2014"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766507"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132029"},{"key":"e_1_2_1_12_1","volume-title":"Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. 
In Network and Distributed System Security Symposium.","author":"Continella Andrea","year":"2017"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23296"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818037"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766506"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2017.8057221"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the IEEE International Conference on Computer Communications (INFOCOM).","author":"Fu H."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568276"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046780"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568301"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3214271"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3191748"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2999572.2999596"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3092703.3092708"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2787394.2787396"},{"key":"e_1_2_1_30_1","volume-title":"IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In IEEE International Conference on Software Engineering. 
280--291","author":"Li Li","year":"2015"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931044"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.38"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3130941"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2971648.2971693"},{"key":"e_1_2_1_35_1","volume-title":"Symposium on Usable Privacy and Security.","author":"Liu Bin","year":"2016"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.65"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23287"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/3155562.3155598"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818767"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.25"},{"key":"e_1_2_1_41_1","volume-title":"USENIX Security Symposium. 527--542","author":"Pandita Rahul","year":"2013"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660287"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2906388.2906392"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.66"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2971648.2971753"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808120"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978343"},{"key":"e_1_2_1_49_1","volume-title":"Usenix Conference on Security Symposium. 
175--190","author":"Tripp Omer","year":"2014"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2750858.2805833"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243835"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660357"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978343"},{"key":"e_1_2_1_54_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Wong Michelle Y","year":"2018"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.60"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139550.3139552"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516676"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330204"}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3314415","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3314415","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3314415","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:53:30Z","timestamp":1750204410000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3314415"}},"subtitle":["Toward Automatically Diagnosing Privacy Leaks in Mobile 
Applications"],"short-title":[],"issued":{"date-parts":[[2019,3,29]]},"references-count":58,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,3,29]]}},"alternative-id":["10.1145\/3314415"],"URL":"https:\/\/doi.org\/10.1145\/3314415","relation":{},"ISSN":["2474-9567"],"issn-type":[{"value":"2474-9567","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3,29]]},"assertion":[{"value":"2018-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-03-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}