The number of malicious applications that attempt to exfiltrate users` privacy information has increased with the rapid growth in the usage of mobile applications. To protect privacy information from untrusted apps, runtime monitoring approaches have been suggested for monitoring apps` behavior and enforcing policies corresponding to the behavior. In general, according to the location of the monitoring code and intercepting code, these approaches can be classified into two categories: framework-hardening and app-repackaging. However, both types of approaches suffer from fundamental problems that impede their wide deployment. On the one hand, framework-hardening approaches require OS modification, which suffers from the fragmentation and usability problems, and on the other hand, app-repackaging approaches require app modification, which suffers from problems related to dynamically loaded code and breaching of the signature.
In this thesis, we present a widely deployable policy enforcement system called SeEnclosure, which can selectively adopt an untrusted app at runtime to prevent leakage of privacy data without any modification of the Android OS and apps being required. By exploiting an Android property, SeEnclosure can interpose the code of apps and enforce policies. We show that SeEnclosure is portable for various versions of the Android OS installed on two devices and does not impose repackaging problems, whereas existing approaches do not provide both of these advantages. We evaluated the portability of SeEnclosure on Nexus 7 2012 with Android OS versions from 4.1.2 to 4.4.2 and Galaxy Note 3 with Android OS 4.4.2, with a 3.5% runtime performance overhead, and the compatibility using the top 16 apps in the Android market. Through experiments using our synthetic apps, we also confirm that SeEnclosure does not cause any repackaging problems.