Characterizing Sensor Leaks in Android Apps

01/17/2022
by   Xiaoyu Sun, et al.
0

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, SEEKER, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. SEEKER conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that SEEKER is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
05/22/2019

DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling

With the number of new mobile malware instances increasing by over 50% a...
research
02/15/2023

Demystifying security and compatibility issues in Android Apps

Never before has any OS been so popular as Android. Existing mobile phon...
research
08/10/2021

A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned

We study the temporal dynamics of potentially harmful apps (PHAs) on And...
research
12/21/2018

Do we agree on user interface aesthetics of Android apps?

Context: Visual aesthetics is increasingly seen as an essential factor i...
research
04/20/2021

The Emperor's New Autofill Framework: A Security Analysis of Autofill on iOS and Android

Password managers help users more effectively manage their passwords, en...
research
05/23/2017

Predictive Analytics for Enhancing Travel Time Estimation in Navigation Apps of Apple, Google, and Microsoft

The explosive growth of the location-enabled devices coupled with the in...
research
09/29/2021

A First Step Towards Detecting Values-violating Defects in Android APIs

Human values are an important aspect of life and should be supported in ...

Please sign up or login with your details

Forgot password? Click here to reset