Advertisement

Yet Another Way to Unknowingly Gather People Coordinates and Its Countermeasures

  • Gabriella Verga
  • Andrea Fornaia
  • Salvatore Calcagno
  • Emiliano TramontanaEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11874)

Abstract

Apps running on a smartphone have the possibility to gather data that can act as a fingerprint for their user. Such data comprise the ids of nearby WiFi networks, features of the device, etc., and they can be a precious asset for offering e.g. customised transportation means, news and ads, etc. Additionally, since WiFi network ids can be easily associated to GPS coordinates, from the users frequent locations it is possible to guess their home address, their shopping preferences, etc. Unfortunately, existing privacy protection mechanisms and permissions on Android OS do not suffice in preventing apps from gathering such data, which can be considered sensitive and not to be disclosed to a third part. This paper shows how an app using only the permission to access WiFi networks could send some private data unknowingly from the user. Moreover, an advanced mechanism is proposed to shield user private data, and to selectively obscure data an app could spy.

Keywords

Android OS Privacy Permission WiFi Big data 

Notes

Acknowledgement

This work has been supported by project CREAMS—Codes Recognising and Eluding Attacks and Meddling on Systems—funded by Università degli Studi di Catania, Piano della Ricerca 2016/2018 Linea di intervento 2.

References

  1. 1.
    Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014)CrossRefGoogle Scholar
  2. 2.
    Ascia, G., et al.: Making Android apps data-leak-safe by data flow analysis and code injection. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 205–210 (2016)Google Scholar
  3. 3.
    Aung, Z., Zaw, W.: Permission-based Android malware detection. Int. J. Sci. Technol. Res. 2(3), 228–234 (2013)Google Scholar
  4. 4.
    Cavallaro, C., Verga, G., Tramontana, E., Muscato, O.: Multi-agent architecture for point of interest detection and recommendation. In: Proceedings of XX Workshop From Objects to Agents (WOA) (2019)Google Scholar
  5. 5.
    Di Stefano, A., Fornaia, A., Tramontana, E., Verga, G.: Detecting Android malware according to observations on user activities. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 241–246 (2018)Google Scholar
  6. 6.
    Enck, W.: Defending users against smartphone apps: techniques and future directions. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 49–70. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25560-1_3CrossRefGoogle Scholar
  7. 7.
    Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. 7(1), 50–57 (2009)CrossRefGoogle Scholar
  8. 8.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 627–638 (2011)Google Scholar
  9. 9.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of ACM Symposium on Usable Privacy and Security (2012)Google Scholar
  10. 10.
  11. 11.
    Krupp, B., Sridhar, N., Zhao, W.: SPE: security and privacy enhancement framework for mobile devices. IEEE Trans. Dependable Secure Comput. 14(4), 433–446 (2015)CrossRefGoogle Scholar
  12. 12.
    Montealegre, C., Njuguna, C.R., Malik, M.I., Hannay, P., McAteer, I.N.: Security vulnerabilities in Android applications. In: Proceedings of Australian Information Security Management Conference (2018)Google Scholar
  13. 13.
    Nguyen, L., et al.: UnLocIn: unauthorized location inference on smartphones without being caught. In: Proceedings of IEEE International Conference on Privacy and Security in Mobile Systems (PRISMS), pp. 1–8 (2013)Google Scholar
  14. 14.
    Qi, M., Wang, Z., He, Z., Shao, Z.: User identification across asynchronous mobility trajectories. Sensors 19(9), 2102 (2019)CrossRefGoogle Scholar
  15. 15.
    Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: Andromaly: a behavioral malware detection framework for Android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)CrossRefGoogle Scholar
  16. 16.
    Tramontana, E., Verga, G.: Get spatio-temporal flows from GPS data. In: Proceedings of IEEE International Conference on Smart Computing (SMARTCOMP), pp. 282–284 (2018)Google Scholar
  17. 17.
    Tramontana, E., Verga, G.: Mitigating privacy-related risks for Android users. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) (2019)Google Scholar
  18. 18.
    Wagner, D.T., Rice, A., Beresford, A.R.: Device analyzer: large-scale mobile data collection. ACM SIGMETRICS Perform. Eval. Rev. 41(4), 53–56 (2014)CrossRefGoogle Scholar
  19. 19.
    Wei, T.E., Jeng, A.B., Lee, H.M., Chen, C.H., Tien, C.W.: Android privacy. In: Proceedings of IEEE International Conference on Machine Learning and Cybernetics, vol. 5, pp. 1830–1837 (2012)Google Scholar
  20. 20.
    Zheng, V.W., Zheng, Y., Xie, X., Yang, Q.: Collaborative location and activity recommendations with GPS history data. In: Proceedings of ACM International Conference on World Wide Web, pp. 1029–1038 (2010)Google Scholar
  21. 21.
    Zheng, V.W., Zheng, Y., Xie, X., Yang, Q.: Towards mobile intelligence: learning from GPS history data for collaborative recommendation. Artif. Intell. 184, 17–37 (2012)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Zheng, Y., Xie, X., Ma, W.Y., et al.: GeoLife: a collaborative social networking service among user, location and trajectory. IEEE Data Eng. Bull. 33(2), 32–39 (2010)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Gabriella Verga
    • 1
  • Andrea Fornaia
    • 1
  • Salvatore Calcagno
    • 1
  • Emiliano Tramontana
    • 1
    Email author
  1. 1.Dipartimento di Matematica e InformaticaUniversity of CataniaCataniaItaly

Personalised recommendations