Privacy Leaks When You Play Games: A Novel User-Behavior-Based Covert Channel on Smartphones

Abstract

To protect user privacy, many smartphone systems, such as Android and Windows Phone, adopt the permission-based mechanism in which a user can evaluate the request of private information by a mobile app before installing it. However, recent studies show that the permission-based mechanism is vulnerable to application colluding attacks because two apps, which appear to be harmless individually, can establish a covert channel and use it to leak confidential information. In general, existing known covert channels usually work in a way that one app can modify the status of a system component, while the other can read the status. Even though several covert channel detection schemes have been proposed recently to fight against this type of covert channels, we point out that such designed covert channel detection schemes are not sufficient. In this paper, we demonstrate the possibility of establishing novel covert channels that work in quite different ways, in which one app (e.g., a game) can be designed deliberately such that the user will be induced to voluntarily modify the status of a system component (e.g., a motion sensor), while the other app can read the status of the system component. To validate our design, we implement three covert channels on Android. Our experiments show that these channels can bypass existing detection schemes. Moreover, we also measure the achievable throughput, error rate, and energy consumption in devices. The results demonstrate that our covert channels can achieve a transmission with high accuracy and low energy consumption. Our work sets a new alarm for the security issue of using smartphones.