Enhancing Privacy Protection on Android Devices through Federated Learning and Differential Privacy
Abstract
Abstract. The rapid expansion of Android devices has brought about significant
convenience and connectivity improvements, but it has also escalated the risk of
data breaches and unauthorized access to sensitive information. This research
presents a thorough investigation into the sources of data leakage within the
Android ecosystem, evaluates existing detection methodologies. Through the
analysis of real-world data breaches, critical vulnerabilities are identified for
android devices.
The study evaluates the effectiveness of current detection tools and their
limitations, revealing that while static and dynamic analysis techniques are
valuable, they are often resource-intensive and prone to false positives. To
address these challenges, a novel hybrid model integrating Federated Learning
(FL) and Differential Privacy (DP) is proposed. This DP+FL model ensures
data remains on user devices and adds noise to local model updates to maintain
privacy.
Experimental results demonstrate that the DP+FL model significantly
outperforms traditional FL and DP methods, achieving an accuracy of 95%,
precision of 94%, recall of 95%, and F1 score of 94%. These findings indicate
that the DP+FL model not only enhances privacy protection but also maintains
high model performance.
References
and A. N. Sheth, ‘‘TaintDroid: An information-flow tracking system for realtime privacy
monitoring on smartphones,’’ ACM Trans. Comput. Syst., vol. 32, no. 2, pp. 1–29, Jun. 2014,
doi: 10.1145/2619091
2. Zhang, X., Yadollahi, M. M., Dadkhah, S., Isah, H., Le, D. P., & Ghorbani, A. A. (2022). “Data
breach: analysis, countermeasures and challenges”. International Journal of Information and
Computer Security, 19(3-4), pp. 402–442.
3. Haider, W. (2018). “Developing reliable anomaly detection system for critical hosts: a
proactive defense paradigm (Doctoral dissertation, UNSW Sydney)”.
4. Cholevas, C., Angeli, E., Sereti, Z., Mavrikos, E., & Tsekouras, G. E. (2024). “Anomaly
Detection in Blockchain Networks Using Unsupervised Learning: A Survey. Algorithms”,
17(5), 201.
5. Lala, S. K., Kumar, A., & Subbulakshmi, T. (2021, May). “Secure web development using
owasp guidelines”. In 2021 5th International Conference on Intelligent Computing and
Control Systems (ICICCS) IEEE. pp. 323–332.
6. Roumani, Y. (2021). “Patching zero-day vulnerabilities: an empirical analysis”. Journal of
Cybersecurity, 7(1).
7. Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012, July). “Android
permissions: User attention, comprehension, and behavior”. In Proceedings of the Eighth
Symposium on Usable Privacy and Security, pp. 1–14.
8. Rizvi, S., Pipetti, R., McIntyre, N., Todd, J., & Williams, I. (2020). “Threat model for securing
internet of things (IoT) network at device-level”. Internet of Things, 11, 100240.
9. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., ... & McDaniel, P. (2014).
“Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis
for android apps”. ACM Sigplan Notices, 49(6), pp. 259–269.
10. Qark Testing Tool, [online] Available: https://github.com/linkedin/qark.
11. MobSF Team. (n.d.). Mobile Security Framework (MobSF). Retrieved from https://github.
com/MobSF/Mobile-Security-Framework-MobSF.
12. Androguard Team. (n.d.). Find Security Bugs. Retrieved from https://find-sec-bugs.github.io/.
13. Android Developers. (n.d.). Android Lint. Retrieved from https://developer.android.com/
studio/write/lint.
14. Mammen, P. M. (2021). “Federated learning: Opportunities and challenges”. arXiv preprint
arXiv:2101.05428.
15. Dwork, C. (2006, July). “Differential privacy. In International colloquium on automata,
languages, and programming”. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 1–12.
