Abstract

Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications’ access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.

Highlights

  • With the proliferation of smartphones, users are requiring various functionalities for different needs

  • Given that Android supports more kinds of unprivileged sensors than other platforms and most of prior attacks [1, 2, 4, 7, 10] are implemented on Android, in this paper, we focus on the privacy inference based on sensors” (PIS) problem on Android platform

  • Though the evaluation set is relatively small compared to the total number of Android apps on Google Play, this set covers all categories on Google Play and is enough to evaluate Sensor Guardian’s performance

Read more

Summary

Introduction

With the proliferation of smartphones, users are requiring various functionalities for different needs. All mobile platforms, including Android, iOS, and Windows Phone, provide APIs for developers to access data from these built-in sensors. Though the availability of some sensors may vary between different devices and versions, most Android devices have some basic builtin sensors like accelerometer and magnetometer. These basic sensors are still enough to infer a lot of sensitive information [1,2,3,4, 7, 8, 10]

Results
Discussion
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call