DE102011117855A1 - A method for assessing and mitigating risks through smart phone applications. - Google Patents
A method for assessing and mitigating risks through smart phone applications. Download PDFInfo
- Publication number
- DE102011117855A1 DE102011117855A1 DE102011117855A DE102011117855A DE102011117855A1 DE 102011117855 A1 DE102011117855 A1 DE 102011117855A1 DE 102011117855 A DE102011117855 A DE 102011117855A DE 102011117855 A DE102011117855 A DE 102011117855A DE 102011117855 A1 DE102011117855 A1 DE 102011117855A1
- Authority
- DE
- Germany
- Prior art keywords
- application
- data
- user
- access
- applications
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
Das hier beschriebene erfinderische Verfahren bietet eine technische Verbesserung für die Mobilfunk-Kunden zum Schutz vor bösartigen Applikationen (Apps) die das Potential haben, persönlichen Daten des Kunden an Dritte zu übermitteln ohne dass dies vom Kunden bemerkt wird. Weitere Gefahren gehen von Apps aus, die heimlich die Kontrolle über Mikrofon und/oder Kamera und/oder Kommunikationskanäle wie Mobilnetz oder WLAN gewinnen und so das Umfeld des Kunden ausspionieren können oder teure Premium SMS zu Lasten des Kunden senden. Hiergegen bietet das Verfahren Schutz durch Warnhinweise an den Kunden, mit detaillierten Aufgliederungen von potentiellen und bereits eingetretenen Risiken. Andere hier aufgezeigte Varianten des Verfahrens bieten Strukturen, die den Applikationen aufgezwungen werden, wodurch Manipulationen von Zieladressen oder die Vortäuschung von Adressen die angeblich verwendet werden, nicht möglich ist. Auch die Übernahme von unverfälschbarem Kunden-Input wird hiermit sichergestellt, d. h. was der Kunde sieht oder eingibt wird auch so unverfälscht übernommen und verwendet.The inventive method described herein provides a technical enhancement to cellular customers for protection against malicious applications (apps) that have the potential to communicate personal data of the customer to third parties without the customer noticing. Other dangers come from apps that secretly gain control of the microphone and / or camera and / or communication channels such as mobile network or WLAN and thus spy on the customer's environment or send expensive premium SMS at the expense of the customer. On the other hand, the process offers protection through warnings to the customer, with detailed breakdowns of potential and existing risks. Other variants of the method presented herein provide structures imposed on the applications that do not allow for manipulation of destination addresses or misrepresentation of addresses allegedly used. The assumption of unimpeachable customer input is hereby ensured, d. H. What the customer sees or enters is also taken over and used in the most genuine way.
Description
Gegenwärtige SituationCurrent situation
Applikationen, auch Apps genannt, erfreuen sich großer Beliebtheit, da sie sich als nützlich für viele Bereiche des privaten und des geschäftlichen Lebens erweisen.Applications, also called apps, are very popular because they are useful for many areas of personal and business life.
Obwohl die Mobilfunkkunden kaum auf diese Applikationen verzichten wollen, haben viele ein ungutes Gefühl mit Hinblick auf das Risiko, von der einen oder anderen Applikation ausspioniert zu werden oder dass dadurch auch Manipulationen an persönlichen Daten und oder Business-Daten vorgenommen werden. Außer dem Auspionieren, droht von manchen Apps auch die Gefahr direkter monetärer Nachteile. Denn manche dieser bösartigen Apps senden SMS oder gar teure Premium SMS. Bei hohem Daten-Volumen kann auch das Limit des Nutzers überschritten werden – soweit keine hinreichende Flatrate gebucht ist. Persönliche Daten können an dubiose Ziele (nicht autorisierte Server) versandt werden – unbemerkt vom Nutzer, auch bei Nacht, auch wenn das Handy vermeintlich unbenutzt ist.Although the mobile customers hardly want to give up these applications, many have a bad feeling with regard to the risk of being spied on by one or the other application or by manipulation of personal data and / or business data. Apart from spying, some apps also threaten the danger of direct monetary disadvantages. Because some of these malicious apps send SMS or even expensive premium SMS. If the data volume is high, the user's limit can also be exceeded - as long as no sufficient flat rate is booked. Personal data can be sent to dubious destinations (unauthorized servers) - unnoticed by the user, even at night, even if the phone is supposedly unused.
Es sind Fälle bekannt, in denen auf ganz persönliche und sogar intime Bilder zugegriffen wurde und diese anschließend im Internet öffentlich gemacht wurden – mit erheblichem persönlichen Schaden der betroffenen Personen. Die Hintermänner befinden sich oft in Ländern in denen sie rechtlich nicht greifbar sind.Cases are known in which very personal and even intimate images have been accessed and subsequently made public on the Internet - with significant personal harm to those affected. The backers are often in countries where they are legally intangible.
Applikationen können unbemerkt vom Nutzer das Mikrofon einschalten und/oder die Kamera und den Nutzer und seine Umgebung abhören oder fotografieren oder (video-)filmen.Applications can unnoticed by the user turn on the microphone and / or listen to the camera and the user and his environment or photograph or (video) filming.
„Schläfer” beginnen ihr böses Treiben erst einige Zeit (Wochen oder gar Monate) nach der Installation. Der Nutzer kann dann die oben genannten Phänomene oder auch Veränderungen an seiner Telefonrechnung nicht mehr leicht zuordnen und keinen Zusammenhang mit dem Download der bösartigen Applikation erkennen."Sleepers" do not begin their evil activity for some time (weeks or even months) after installation. The user can then no longer easily associate the above-mentioned phenomena or even changes to his telephone bill and can not detect a connection with the download of the malicious application.
Dem Nutzer werden im Rahmen von etablierten Abläufen von den gängigen Operating-Systemen der mobilen Endgeräte (Handys, Tabletts, etc.) Berechtigungen (Zugriffe auf Daten und/oder Kommunikationskanäle wie Mobilnetz, WLAN, und/oder Geräte wie Kamera, Mikrofon, etc.) angezeigt. Diese Berechtigungen (Permissions) werden im Zusammenwirkten des Operating-Systems mit Einrichtungen wie Market-Place oder AppStore, von denen die Applikationen typischerweise runtergeladen werden, übergeben. Typischerweise sieht der Handy-Nutzer diese Berechtigungen nach dem Download und vor der Installation, meist im Zusammenhang mit der Abfrage einer Bestätigung ob die betreffende Applikation mit den aufgelisteten Berechtigungen installiert werden soll.Within the framework of established processes, the user is granted authorizations (access to data and / or communication channels such as mobile network, WLAN, and / or devices such as camera, microphone, etc.) from the common operating systems of mobile terminals (mobile phones, tablets, etc.). ) is displayed. These permissions are passed on in the interaction of the operating system with devices such as Market-Place or AppStore, from which the applications are typically downloaded. Typically, the mobile phone user sees these permissions after the download and before the installation, usually in connection with the query of confirmation whether the application in question should be installed with the listed permissions.
Diese Information über die Berechtigung ist häufig zu knapp gefasst, um vom Nutzer in ihrer ganzen Tragweite erfasst zu werden. Sie sagt auch kaum etwas darüber aus, welche persönlichen Daten wann und wofür verwendet werden. Auch sind einige Berechtigungen zu pauschal gefasst. Ein gutes Beispiel ist hier die „Internet”-Berechtigung für ein kostenloses Spiel, bei dem der Entwickler über Anzeigen sein Geld verdient. Der Nutzer toleriert die Internet-Berechtigung, denn er versteht, dass die Anzeigen über das Internet von einem Ad-Server (Werbe-Server) geladen werden müssen. Was er nicht erkennen kann, mit welchen Servern das Spiel sonst noch kommuniziert.This information about the entitlement is often too concise to be captured by the user in all its implications. It also says very little about what personal information is used when and for what. Also, some permissions are too general. A good example here is the "Internet" permission for a free game in which the developer earns his money through ads. The user tolerates the internet permission because he understands that the ads have to be downloaded from an ad server (advertising server) via the internet. What he can not tell which servers the game is still communicating with.
Häufig werden viel zu umfangreiche Profile von den App-Designern angefordert. Dies bewirkt, dass der Nutzer den Eindruck gewinnt, die umfangreichen Berechtigungen seien ganz normal und werden von jeder Applikation benötigt. Die Akzeptanzschwelle wird durch diese Erfahrung gesenkt.Often far too extensive profiles are requested by the app designers. This causes the user to get the impression that the extensive permissions are quite normal and are needed by every application. The acceptance threshold is lowered by this experience.
An der Stelle, wo der Reiz vorherrscht die Applikation jetzt zu installieren, stellen die meisten Nutzer die Bedenken hinten an. In der Tat gibt es vergleichbar wenig Missbrauch der Berechtigungen durch die Apps. Es werden zumindest nur wenige Fälle entdeckt. Das hängt auch daran, dass nur wenige Nutzer in der Lage sind, das Verhalten einer App mit Hinblick auf Missbrauch zu analysieren.At the point where the appeal now prevails to install the application, most users put the concerns behind. In fact, there is comparably little abuse of permissions by the apps. At least only a few cases are discovered. This is also because few users are able to analyze the behavior of an app with regard to abuse.
Es gibt zwar viele Foren in denen solche Fragen diskutiert werden, jedoch können diese nicht alle der vielen Hunderttausend Apps kennen und analysieren. Es fehlt auch eine vertrauensvolle Instanz, der man in dieser Frage Glauben schenken kann.While there are many forums where such questions are discussed, they can not know and analyze all of the many hundreds of thousands of apps. There is also a lack of trusting authority that can be trusted on this issue.
Verbesserungimprovement
Das hier beschriebene erfinderische Verfahren ist dem Bereichen mobile Applikationen, Apps, mobile Anwendungen, Schutz der Privatsphäre, und allgemein der Telekommunikation zuzuordnen.The inventive method described here is to be associated with the areas of mobile applications, apps, mobile applications, privacy, and telecommunications in general.
Das Verfahren hilft einerseits, bösartige Applikationen unter den inzwischen auf viele Hunderttausende gewachsene Zahl der Applikationen zu identifizieren und in einer anderen Ausprägung (Anspruch 11–24) Transparenz der Aktionen einer jeden Applikation zu erzwingen und Manipulationen von Zugriffen und Zugriffsrechten wirksam zu unterbinden. Das Verfahren sorgt dafür dass die gutartigen Applikationen gezielt verwendet werden können und sogar noch reichlicher und vielfältiger – jetzt jedoch entspannter und ohne Bedenken.On the one hand, this method helps to identify malicious applications among the number of applications that have since grown to many hundreds of thousands and, in another form (claim 11-24), to enforce the transparency of the actions of each application and effectively prevent manipulation of access and access rights. The process ensures that the benign applications can be targeted and even more abundant and diverse - but now more relaxed and without hesitation.
Die Verfahren 11–24 ermöglichen eine formale Freischaltung des detaillierten Zugriffs- und Kommunikationsverhaltens der Applikationen. Hierzu werden die Applikationen in Strukturen gefasst, die für die essentiellen Daten, die vor Manipulation zu bewahren sind, eine transparente Nutzung gewährleisten. Zu den Daten die zur Abwendung der oben genannten Gefahren kontrolliert werden müssen, gehören z. B.:
- • Für die Kommunikation verwendete Zieladressen (Links, IP-Adressen, Telefonnummern, etc.);
- • Für den Datenzugriff verwendete Sensibilitätsklassen (Persönliche Daten wie Bilder, Videos, Kalenderdaten, Telefon- und Adressbuch, Geschäfts-Dokumente, Pass-Wörter, etc.);
- • Für den Ressourcen-Zugriff verwendete Identifier (Mikrofon, Kamera, GPS, Empfänger, etc.);
- • Destinations used for communication (links, IP addresses, phone numbers, etc.);
- • Sensitivity classes used for data access (personal data such as pictures, videos, calendar data, telephone and address books, business documents, passwords, etc.);
- • identifiers used for resource access (microphone, camera, GPS, receiver, etc.);
Mobile Endgeräten, die diese Verfahren (11–26) nicht verwenden, können die Verfahren 1–10 einsetzen. Letztere nutzen eine auf dem mobilen Endgerät installierte CheckApp, die die Applikationen vor und/oder während und/oder nach der Installation prüft. Diese Prüfung kann rein lokal von der CheckApp auf dem mobilen Endgerät vorgenommen werden oder in Zusammenarbeit mit einer ServCheck, die sich auf einem verfahrensgemäßen Server befindet. ServCheck und CheckApp können jeweils ihre eigenen Knowledge-Datenbank aufbauen oder sie ganz oder teilweise auf den ServCheck hochladen, sodass die ServCheck auch andere mobile Endgeräte von der Erfahrung mit bereits bekannten Applikationen profitieren lassen kann.Mobile terminals that do not use these procedures (11-26) can use procedures 1-10. The latter use a CheckApp installed on the mobile device, which checks the applications before and / or during and / or after installation. This check can be done purely locally from the CheckApp on the mobile device or in cooperation with a ServCheck, which is located on a server according to the procedure. ServCheck and CheckApp can each build their own knowledge database or upload them in whole or in part to the ServCheck, so that the ServCheck can also benefit other mobile devices from the experience of already known applications.
Im Unterschied zu den Verfahren 11–24 können die Verfahren nach 1–10 Schaden für den Nutzer nicht gezielt verhindern, sie geben dem Nutzer jedoch die Information und Transparenz selbst zu entscheiden, ob er eine App installiert oder nicht.In contrast to the methods 11-24, the methods according to 1-10 can not specifically prevent harm to the user, but they give the user the information and transparency to decide whether he installs an app or not.
In benutzerfreundlichen Ausprägungen der Verfahren unter 1–10 kann der Nutzer jederzeit das Profil und/oder die Aktivitäten und/oder die Zeiten der Aktivitäten und/oder ob die Aktivitäten der Applikation bei ausgeschaltetem Display stattgefunden haben, sehen. Eine leicht abrufbare Tabelle, listet z. B. die die Applikationen, die auf dem mobilen Endgerät des Nutzers installiert sind. Farbmarkierungen zu jeder Applikation geben ein Gesamtrating zum potentiellen und/oder eingetretenen Risiko. Durch Anklicken einer Applikation in der Liste erfährt der Nutzer weitere Details über potentielle und/oder bereits eingetretene Risiken, wie z. B.
- • welches Volumen hat die Applikation in Aufwärts- und/oder Abwärtsrichtung übertragen;
- • auf welche Daten (Bilder, Kontakte, Kalender, etc.) hat die App zugegriffen;
- • welche sonstigen Ressourcen (Mikrofon, Kamera, etc.) hat die Applikation dabei einbezogen;
- • welche Kommunikationskanäle wurden dabei verwendet (WLAN, Mobilnetze, unter Roaming Bedingungen), und dergleichen.
- • which volume has been transmitted by the application in the upward and / or downward direction;
- • which data (pictures, contacts, calendars, etc.) the app has accessed;
- • which other resources (microphone, camera, etc.) included the application;
- • which communication channels were used (WLAN, mobile networks, under roaming conditions), and the like.
Claims (26)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102011117855A DE102011117855A1 (en) | 2011-11-08 | 2011-11-08 | A method for assessing and mitigating risks through smart phone applications. |
PCT/DE2012/001046 WO2013067989A2 (en) | 2011-11-08 | 2012-10-27 | Method for assessing and containing risks from smartphone applications |
DE112012004653.6T DE112012004653A5 (en) | 2011-11-08 | 2012-10-27 | A method for assessing and mitigating risks through smart phone applications. |
EP12806337.7A EP2776969A2 (en) | 2011-11-08 | 2012-10-27 | Method for assessing and containing risks from smartphone applications |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102011117855A DE102011117855A1 (en) | 2011-11-08 | 2011-11-08 | A method for assessing and mitigating risks through smart phone applications. |
Publications (1)
Publication Number | Publication Date |
---|---|
DE102011117855A1 true DE102011117855A1 (en) | 2013-05-08 |
Family
ID=47435674
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE102011117855A Withdrawn DE102011117855A1 (en) | 2011-11-08 | 2011-11-08 | A method for assessing and mitigating risks through smart phone applications. |
DE112012004653.6T Withdrawn DE112012004653A5 (en) | 2011-11-08 | 2012-10-27 | A method for assessing and mitigating risks through smart phone applications. |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE112012004653.6T Withdrawn DE112012004653A5 (en) | 2011-11-08 | 2012-10-27 | A method for assessing and mitigating risks through smart phone applications. |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP2776969A2 (en) |
DE (2) | DE102011117855A1 (en) |
WO (1) | WO2013067989A2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102012001101A1 (en) | 2012-01-23 | 2013-07-25 | Joachim Linz | Method for multilaterally and holistically detecting and improving the quality of mobile services using customer terminals with feedback to the customer. |
US9443106B2 (en) | 2013-12-13 | 2016-09-13 | Indian Institute Of Technology Madras | Filtering means for tracking information flow in android operated devices |
DE102022200162B3 (en) | 2022-01-10 | 2023-05-04 | Kuka Deutschland Gmbh | Method and system for operating a robotic system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080016339A1 (en) * | 2006-06-29 | 2008-01-17 | Jayant Shukla | Application Sandbox to Detect, Remove, and Prevent Malware |
US20090319998A1 (en) * | 2008-06-18 | 2009-12-24 | Sobel William E | Software reputation establishment and monitoring system and method |
US20110154032A1 (en) * | 2005-11-18 | 2011-06-23 | Qualcomm Incorporated | Mobile Security System and Method |
US20110185428A1 (en) * | 2010-01-27 | 2011-07-28 | Mcafee, Inc. | Method and system for protection against unknown malicious activities observed by applications downloaded from pre-classified domains |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1971102B1 (en) * | 2007-03-14 | 2020-06-17 | Deutsche Telekom AG | Method and system for monitoring communication devices to detect malicious software |
-
2011
- 2011-11-08 DE DE102011117855A patent/DE102011117855A1/en not_active Withdrawn
-
2012
- 2012-10-27 WO PCT/DE2012/001046 patent/WO2013067989A2/en active Application Filing
- 2012-10-27 DE DE112012004653.6T patent/DE112012004653A5/en not_active Withdrawn
- 2012-10-27 EP EP12806337.7A patent/EP2776969A2/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110154032A1 (en) * | 2005-11-18 | 2011-06-23 | Qualcomm Incorporated | Mobile Security System and Method |
US20080016339A1 (en) * | 2006-06-29 | 2008-01-17 | Jayant Shukla | Application Sandbox to Detect, Remove, and Prevent Malware |
US20090319998A1 (en) * | 2008-06-18 | 2009-12-24 | Sobel William E | Software reputation establishment and monitoring system and method |
US20110185428A1 (en) * | 2010-01-27 | 2011-07-28 | Mcafee, Inc. | Method and system for protection against unknown malicious activities observed by applications downloaded from pre-classified domains |
Non-Patent Citations (2)
Title |
---|
ENCK. W. [et al.] TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, In Proc. of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010 in Vancouver,URL: http://appanalysis.org/tdroid10.pdf [abgerufen im Internet am 05.07.2012] * |
ONGTANG. M. [et al.]: Semantically Rich Application-Centric Security in Android , 2009 Annual Computer Security Applications Conference, Publication Year: 2009,URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5380692 [abgerufen im Internet am 05.07.2012] * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102012001101A1 (en) | 2012-01-23 | 2013-07-25 | Joachim Linz | Method for multilaterally and holistically detecting and improving the quality of mobile services using customer terminals with feedback to the customer. |
US9443106B2 (en) | 2013-12-13 | 2016-09-13 | Indian Institute Of Technology Madras | Filtering means for tracking information flow in android operated devices |
DE102022200162B3 (en) | 2022-01-10 | 2023-05-04 | Kuka Deutschland Gmbh | Method and system for operating a robotic system |
Also Published As
Publication number | Publication date |
---|---|
EP2776969A2 (en) | 2014-09-17 |
DE112012004653A5 (en) | 2014-12-31 |
WO2013067989A3 (en) | 2013-08-08 |
WO2013067989A2 (en) | 2013-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Van Bruggen et al. | Modifying smartphone user locking behavior | |
CN101513008B (en) | System for implementing safety of telecommunication terminal | |
DE112012000744T5 (en) | Detection of a Trojan horse | |
US9477574B2 (en) | Collection of intranet activity data | |
DE102011016864A1 (en) | ANWENDUINGSLADEN | |
Knockel et al. | We chat, they watch: How international users unwittingly build up WeChat’s Chinese censorship apparatus | |
DE202012013734U1 (en) | System for filtering spam messages based on user reputation | |
DE112012000750T5 (en) | Backup and manage apps in one device | |
DE102008016197A1 (en) | Identify an application user as the source of a database activity | |
CN108197444A (en) | Right management method, device and server under a kind of distributed environment | |
CN113516337A (en) | Method and device for monitoring data security operation | |
DE102011077512A1 (en) | Method for the secure processing of data stored in an electronic safe | |
DE102021205259A1 (en) | CREATION OF RESTRICTED MOBILE ACCOUNTS | |
DE102011117855A1 (en) | A method for assessing and mitigating risks through smart phone applications. | |
DE102017113147A1 (en) | Secure payment protection method and corresponding electronic device | |
CN106485144A (en) | The analysis method of classified information and device | |
CN108959950A (en) | Private data guard method based on dynamic analog pasting technique | |
Heitz | Federal Legislation Does Not Sufficiently Protect American Data Privacy | |
Markelj et al. | Comprehension of cyber threats and their consequences in Slovenia | |
KR20130102197A (en) | Whistle blower system using terminal and method thereof | |
Härting et al. | Study on the impact of the proposed draft of the ePrivacy-regulation | |
DE112013004758T5 (en) | Manage phone calls | |
CN106355089A (en) | Secret-associated information analysis method and device | |
US11587098B2 (en) | Automated consent management systems and methods for using same | |
Eismann et al. | Applied Ethics and Digital Information Privacy: Informing the Design of Covid-19 Contact Tracing Apps |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
R086 | Non-binding declaration of licensing interest | ||
R012 | Request for examination validly filed | ||
R002 | Refusal decision in examination/registration proceedings | ||
R125 | Request for further processing filed | ||
R126 | Request for further processing allowed | ||
R119 | Application deemed withdrawn, or ip right lapsed, due to non-payment of renewal fee |
Effective date: 20140603 |