skip to main content
10.1145/2897073.2897715acmconferencesArticle/Chapter ViewAbstractPublication PagesicseConference Proceedingsconference-collections
invited-talk

Eavesdropping and obfuscation techniques for smartphones

Published: 14 May 2016 Publication History

Abstract

Mobile apps often collect and share personal data with untrustworthy third-party apps, which may lead to data misuse and privacy violations. Most of the collected data originates from sensors built into the mobile device, where some of the sensors are treated as sensitive by the mobile platform while others permit unconditional access. Examples of privacy-prone sensors are the microphone, camera and GPS system. Access to these sensors is always mediated by protected function calls. On the other hand, the light sensor, accelerometer and gyroscope are considered innocuous. All apps have unrestricted access to their data.
Unfortunately, this gap is not always justified. State-of-the-art privacy mechanisms on Android provide inadequate access control and do not address the vulnerabilities that arise due to unmediated access to so-called innocuous sensors on smartphones. We have developed techniques to demonstrate these threats. As part of our demonstration, we illustrate possible attacks using the innocuous sensors on the phone. As a solution, we present ipShield, a framework that provides users with greater control over their resources at runtime so as to protect against such attacks. We have implemented ipShield by modifying the AOSP.

References

[1]
Android Security Overview. http://source.android.com/devices/tech/security/.
[2]
ipShield: A Framework For Enforcing Context-Aware Privacy. http://tinyurl.com/ipshieldgit.
[3]
PDroid patch for Android Jelly Bean. http://github.com/gsbabil/PDroid-AOSP-JellyBean.
[4]
A. J. Aviv, B. Sapp, M. Blaze, and J. M. Smith. Practicality of accelerometer side channels on smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12, pages 41--50, 2012.
[5]
L. Bao and S. S. Intille. Activity recognition from user-annotated acceleration data. Pervasive, LNCS 3001:1--17, 2004.
[6]
A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. Mockdroid: Trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile '11, pages 49--54, 2011.
[7]
S. Chakraborty, K. R. Raghavan, M. P. Johnson, and M. B. Srivastava. A framework for context-aware privacy of sensor data on mobile systems. In Proceedings of the 14th Workshop on Mobile Computing Systems and Applications, HotMobile '13, pages 11:1--11:6, 2013.
[8]
S. Chakraborty, C. Shen, K. R. Raghavan, Y. Shoukry, M. Millar, and M. Srivastava. ipshield: A framework for enforcing context-aware privacy. In Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation, NSDI'14, pages 143--156, 2014.
[9]
D. F. K.-h. Chang and J. Canny. Ammon: A speech analysis library for analyzing affect, stress, and mental health on mobile phones. Proceedings of PhoneSense, 2011, 2011.
[10]
D. Genkin, A. Shamir, and E. Tromer. Rsa key extraction via low-bandwidth acoustic cryptanalysis. Cryptology ePrint Archive, Report 2013/857, 2013.
[11]
J. Han, E. Owusu, L. Nguyen, A. Perrig, and J. Zhang. Accomplice: Location inference using accelerometers on smartphones. In Communication Systems and Networks (COMSNETS), 2012 Fourth International Conference on, pages 1--9, 2012.
[12]
P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iphone: Decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pages 551--562, 2011.
[13]
K. Plarre, A. Raij, S. Hossain, A. Ali, M. Nakajima, M. Al'absi, E. Ertin, T. Kamarck, S. Kumar, M. Scott, D. Siewiorek, A. Smailagic, and L. Wittmers. Continuous inference of psychological stress from sensory measurements collected in the natural environment. In Information Processing in Sensor Networks (IPSN), 2011 10th International Conference on, pages 97--108, 2011.
[14]
K. K. Rachuri, M. Musolesi, C. Mascolo, P. J. Rentfrow, C. Longworth, and A. Aucinas. Emotionsense: a mobile phones based adaptive platform for experimental social psychology research. In Proceedings of the 12th ACM international conference on Ubiquitous computing, pages 281--290, 2010.
[15]
M. M. Rahman, A. A. Ali, K. Plarre, M. al'Absi, E. Ertin, and S. Kumar. mconverse: Inferring conversation episodes from respiratory measurements collected in the field. In Proceedings of the 2Nd Conference on Wireless Health, WH '11, pages 10:1--10:10, 2011.
[16]
S. Reddy, M. Mun, J. Burke, D. Estrin, and M. Hansen, Mark a nd Srivastava. Using mobile phones to determine transportation modes. ACM Trans. Sen. Netw., 6(2):13:1--13:27, Mar. 2010.

Cited By

View all
  • (2024)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone SensorsSoftware Engineering and Management: Theory and Application10.1007/978-3-031-55174-1_10(139-158)Online publication date: 3-May-2024
  • (2023)Understanding and Mitigating Technology-Facilitated Privacy Violations in the Physical WorldProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580909(1-16)Online publication date: 19-Apr-2023
  • (2023)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)10.1109/SERA57763.2023.10197713(287-294)Online publication date: 23-May-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and Systems
May 2016
326 pages
ISBN:9781450341783
DOI:10.1145/2897073
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 May 2016

Check for updates

Author Tags

  1. Android
  2. mobile phones
  3. privacy

Qualifiers

  • Invited-talk

Conference

ICSE '16
Sponsor:

Upcoming Conference

ICSE 2025

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)1
Reflects downloads up to 19 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone SensorsSoftware Engineering and Management: Theory and Application10.1007/978-3-031-55174-1_10(139-158)Online publication date: 3-May-2024
  • (2023)Understanding and Mitigating Technology-Facilitated Privacy Violations in the Physical WorldProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580909(1-16)Online publication date: 19-Apr-2023
  • (2023)Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)10.1109/SERA57763.2023.10197713(287-294)Online publication date: 23-May-2023
  • (2019)Android Device or a Privacy Compromise?2019 International Carnahan Conference on Security Technology (ICCST)10.1109/CCST.2019.8888411(1-6)Online publication date: Oct-2019
  • (2018)Adding Security to Networks-on-Chip using Neural Networks2018 IEEE Symposium Series on Computational Intelligence (SSCI)10.1109/SSCI.2018.8628832(1299-1306)Online publication date: Nov-2018

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media