iABC-AL: Active learning-based privacy leaks threat detection for iOS applications

• Main Authors: Arpita Jadhav Bhatt, Chetna Gupta, Sangeeta Mittal
• Format: Article
• Language: English
• Published: Elsevier 2021-09-01
• Series: Journal of King Saud University: Computer and Information Sciences
• Subjects: iOS applications; Information security; Static analysis; Permission extraction; Active learning
• Online Access: http://www.sciencedirect.com/science/article/pii/S131915781830291X

Do iOS applications breach privacy? With plethora of iOS applications available in market, most users are unaware of security risks they pose. This includes breach of user’s privacy by sharing personal and sensitive Smartphone data without user’s consent. Apple follows strict code signing procedure to ensure that applications are developed from trusted enterprises. However, past malware attacks on iOS devices have demonstrated that there is lack of protection from permission misuse by applications. While machine learning approaches offer promising results in detecting such malicious applications for Android operating system, there has been minimal research in extending them to iOS platform due to unavailability of labeled data-sets. In this study, we propose iABC-AL (iOS Application analyzer and Behavior Classifier using Active Learning), a framework to detect malicious iOS applications. The objective of iABC-AL is to protect permission induced user’s privacy risks by (i) maximizing precision of machine learning based classification models and (ii) minimize requirement of labeled training data-set. To attain the objective, iABC-AL framework incorporates category of application and active learning approaches. A total of 2325 iOS applications were evaluated. Empirical results demonstrate that the proposed approach achieves accuracy rate of 91.5% and increases precision of supervised approach by 14.5%.