Abstract
Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications’ access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.
Highlights
With the proliferation of smartphones, users are requiring various functionalities for different needs
Given that Android supports more kinds of unprivileged sensors than other platforms and most of prior attacks [1, 2, 4, 7, 10] are implemented on Android, in this paper, we focus on the privacy inference based on sensors” (PIS) problem on Android platform
Though the evaluation set is relatively small compared to the total number of Android apps on Google Play, this set covers all categories on Google Play and is enough to evaluate Sensor Guardian’s performance
Summary
With the proliferation of smartphones, users are requiring various functionalities for different needs. All mobile platforms, including Android, iOS, and Windows Phone, provide APIs for developers to access data from these built-in sensors. Though the availability of some sensors may vary between different devices and versions, most Android devices have some basic builtin sensors like accelerometer and magnetometer. These basic sensors are still enough to infer a lot of sensitive information [1,2,3,4, 7, 8, 10]
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have