Android privacy C(R)ache: Reading your external storage and sensors for fun and profit
2016 (English)In: PAMCO 2016 - Proceedings of the 2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, Association for Computing Machinery (ACM), 2016, 1-10 p.Conference paper (Refereed)
Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ-EXTERNAL-STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a "curious" application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking and but, possibly, "curious" applications.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2016. 1-10 p.
Android permissions, External storage, Monitoring, Personal data leakage, Profiling, Android (operating system), Data mining, Digital storage, Mobile computing, Access permissions, Private information, Sensitive informations, Third party application (Apps), User data, Data privacy
IdentifiersURN: urn:nbn:se:kth:diva-197174DOI: 10.1145/2940343.2940346ScopusID: 2-s2.0-84982851758ISBN: 9781450343466OAI: oai:DiVA.org:kth-197174DiVA: diva2:1055746
2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, PAMCO 2016, 5 July 2016
QC 201612132016-12-132016-11-302016-12-13Bibliographically approved