Fine-Grained User Control Over Usages Of Sensitive System Resources Having Private Data With Applications In Privacy Enforcement
Abstract
A system and method whereby permission is accessed that is to be revoked for an application. The permission involves access to private data of a user via an API of an OS. It is determined, in the application, program point(s) involving access to the private data of the user via the API. For each selected one of the program point(s), code in the application is rewritten to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement. The mock object or value does not expose the private data of the user. The application with the rewritten code is packaged as an output application able to be subsequently executed by the user, and is output for use by the user.
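The rewriting step described in the abstract, as an added sketch that is not taken from the patent: Python's `ast` module stands in for the application's code representation, and each call to an API guarded by the revoked permission is replaced with a mock value chosen by return type. The permission names, API function names, `PERMISSION_APIS`, `MOCKS`, `DeviceAPI` and the sample application are all hypothetical.

```python
import ast

# Assumed mapping (hypothetical): permission -> {API call name: return type}
PERMISSION_APIS = {
    "READ_CONTACTS": {"get_owner_name": str, "get_contacts": list},
    "ACCESS_LOCATION": {"get_last_location": tuple},
}
# Mock value allocated for each return type; none of them carries user data.
MOCKS = {str: "", list: [], tuple: (0.0, 0.0)}

# Constructed sample application source.
APP = '''
def greet(os_api):
    name = os_api.get_owner_name()
    friends = os_api.get_contacts()
    lat, lon = os_api.get_last_location()
    return f"{name} has {len(friends)} contacts near {lat},{lon}"
'''

class Revoker(ast.NodeTransformer):
    def __init__(self, permission):
        self.apis = PERMISSION_APIS[permission]
        self.program_points = []  # (line, api) pairs that touched private data

    def visit_Call(self, node):
        self.generic_visit(node)
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        if name not in self.apis:
            return node  # unrelated call, or a permission that was not revoked
        self.program_points.append((node.lineno, name))
        mock = ast.parse(repr(MOCKS[self.apis[name]]), mode="eval").body
        return ast.copy_location(mock, node)

def revoke(source, permission):
    """Return (rewritten source, program points that were replaced)."""
    rewriter = Revoker(permission)
    tree = ast.fix_missing_locations(rewriter.visit(ast.parse(source)))
    return ast.unparse(tree), rewriter.program_points

class DeviceAPI:  # constructed stand-in for the OS API holding private data
    def get_owner_name(self): return "Alice Example"
    def get_contacts(self): return ["bob", "carol"]
    def get_last_location(self): return (48.85, 2.35)

def run_rewritten(new_source, os_api):
    """'Package' the rewritten app by compiling it, then execute it."""
    namespace = {}
    exec(compile(new_source, "<rewritten app>", "exec"), namespace)
    return namespace["greet"](os_api)
```

Revoking `READ_CONTACTS` leaves the location call untouched, so the rewritten application still runs end to end while the name and contact list never leave the device API.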
17 Claims
1. A computer-readable storage medium comprising computer-readable code embodied thereon, wherein execution of the computer-readable code by at least one processor causes an apparatus to perform:
- accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;
- determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;
- for each selected one of the one or more program points, rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;
- packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and
- outputting the application with the rewritten code for use by the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
- one or more memories comprising computer-readable code;
- one or more processors coupled to the one or more memories, wherein the one or more processors are configured by execution of the computer-readable code to cause the apparatus to perform the following;
- accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;
- determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;
- for each selected one of the one or more program points, rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;
- packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and
- outputting the application with the rewritten code for use by the user.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus, comprising:
- means for accessing a permission that is to be revoked for an application, wherein the permission involves access to private data of a user via an application programming interface of an operating system;
- means for determining, in the application, one or more program points involving access to the private data of the user via the application programming interface;
- means, responsive to each selected one of the one or more program points, for rewriting code in the application to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement, wherein the mock object or value does not expose the private data of the user;
- means for packaging the application with the rewritten code as an output application able to be subsequently executed by the user; and
- means for outputting the application with the rewritten code for use by the user.
Specification