Today’s mobile apps are increasingly aggressive at collecting users’ private data. App users have very limited control over how and when apps should be allowed to access sensitive sensors or personal data, ranging from cameras and GPS to contacts and app usage history. The problem is further complicated as more and more apps integrate “data-hungry” components, such as advertising, analytics and user trackers.
To address this pressing issue, Long Lu, an assistant professor of computer science at Stony Brook University, and his group have developed a tool named CASE, which stands for Comprehensive Application Security Enforcement. CASE allows app users and IT administrators to impose customizable security restrictions on “off-the-shelf” apps. Unlike existing mobile security tools, CASE can identify small components inside apps and enforce fine-grained, flexible rules, such as disallowing personal apps from accessing corporate networks or allowing an app to read user identity while preventing the in-app ads from doing so.
The group’s research paper, “CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices,” is to appear in the Proceedings of the 14th International Conference on Mobile Systems, Applications, and Services (MobiSys), a top-tier conference on mobile computing that will be held in Singapore this June.
Long Lu is a member of Stony Brook’s National Security Institute (NSI), which spans multiple disciplines and establishes public-private partnerships to develop new holistic socio-technological solutions for securing the world’s highly digital societies. NSI also engages in the education of professionals in defense, national and cybersecurity, assurance, healthcare and policy. NSI’s team of experts has helped launch successful security-centric technology startups.