
Secure User Input Privacy in Website at A Large Scale

V. Vedhavalli, J. Kalaivani

Abstract


Identifying sensitive user inputs is a requirement for privacy protection. When it comes to program analysis systems, however, only the data that pass through well-defined system APIs (Application Programming Interfaces) can be labeled automatically. In this paper, we show that this conventional approach is far from adequate, as most sensitive inputs are actually entered by the user at a website's runtime. We examine 17,425 top apps from the website and find that 35.46% of them involve sensitive user inputs. Marking them manually takes a great deal of effort, which impedes large-scale, automated analysis of the website for potential information leaks. To address this important issue, we present UIPicker, a flexible framework for the automatic identification of sensitive user inputs. UIPicker is designed to detect the semantic information in the application's layout resources and program code, and to further analyze it for the locations where security-critical information might show up. This approach can support a range of existing security analyses on the website. We further develop a runtime protection mechanism on top of the technique, which helps the user make informed decisions when her sensitive information is about to leave the device in an unexpected way. We evaluate our approach over two hundred randomly chosen popular apps on the website. UIPicker is able to accurately label sensitive user inputs most of the time, with 93.6% precision and 90.1% recall.


Keywords


Android Security, Privacy Protection, User Input Privacy, Privacy Leakage






Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.