Abstract

A wide range of mobile applications continuously access motion and orientation sensor data to learn patterns for their operations. This unfeterred access to rich streams of data from multiple sensors raises the question of whether sensitive personal information might be inferred by these sensor-oriented applications. In this paper, we demonstrate a previously unexplored privacy threat that could be posed by a rogue background mobile app accessing sensor data on a smartphone. The core driving mechanism behind the attack is that the unique GUI components of different apps cause unique sensor data patterns during routine usage of the apps. This in turn makes it possible to fingerprint a specific app and identify it based on its associated sensor signature. Using the most popular mobile gaming apps as a case study, we show the attack to attain up to 75% in one attempt and about 93% in the three attempts. The paper further questions the idea of apps having access to motion and orientation sensor data without asking for permission from the end-users.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.