STOVEPipe: Observable Access Control of User Data for Untrusted Applications on Mobile Devices

The rapid growth in mobile devices will give rise to the trend of the leasing out of compute and data resources on mobile devices to third-parties for applications to be run on multiple mobile devices. However, these third-party applications running on leased mobile devices are typically written by unknown entities, and cannot be trusted by mobile device owners. Current mobile device platforms (e.g. Android) have permissions and access control systems designed for mobile apps that are written by reputable developers and vetted by authoritative app stores, and they are not suitable for untrusted apps. We propose STOVEPipe, an observable access control system for user data on mobile devices for untrusted third-party applications. STOVEPipe ensures that untrusted code is isolated and cannot directly access system data, and performs all data accesses on behalf of untrusted apps. This enables STOVEPipe to observe all data accessed by untrusted apps, implement content-based access control, perform accounting and auditing on accessed data easily, and perform privacy-preserving data transformations.