Skip to main content
SpringerLink
Log in

This is Just Metadata: From No Communication Content to User Profiling, Surveillance and Exploitation

  • Chapter
  • First Online:
Advances in Core Computer Science-Based Technologies

Part of the book series: Learning and Analytics in Intelligent Systems ((LAIS,volume 14))

Abstract

Mobile devices have become an indispensable part of our daily lives. Practically, most of our everyday communication is performed through mobile devices which host third party apps and provide for various means of interaction with diverse levels of security. Android is by far the most widely used mobile operating system, with a user base in the scale of billions. However, while Android Open Source Project (AOSP) is paving the way for all manufacturers, Android market is so fragmented that those who are using the latest version are only a small minority. Moreover, Android comes in several flavours as manufacturers tailor it to their needs. However, this tailoring often prevents users from getting the latest updates. In fact, as we show, manufacturers may not follow the security and privacy guidelines of AOSP, exposing their users to unexpected threats. In this work we study a yet unpatched vulnerability by most major manufacturers, and partially fixed in AOSP, which allows for an adversary to extract important information from the victim’s device. To this end, we showcase that unprivileged apps, without actually using any permissions, can harvest a considerable amount of valuable user information. This is achieved by monitoring and exploiting the file and folder metadata of the most well-known messaging apps in Android, which have been hitherto considered secure, deriving thereby usage statistics in order to elicit user profiles, social connections, credentials or other sensitive information.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.washingtonpost.com/news/wonk/wp/2013/06/12/heres-everything-we-know-about-prism-to-date/?utm/term=.2e201efd7097.

  2. 2.

    For instance see Samsung: https://security.samsungmobile.com/securityUpdate.smsb.

  3. 3.

    https://termux.com/.

  4. 4.

    https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers.

References

  1. Y. Aafer, W. Du, H. Yin, Droidapiminer: mining API-level features for robust malware detection in android, in International Conference on Security and Privacy in Communication Systems (Springer, 2013), pp. 86–103

    Google Scholar 

  2. E. Alepis, C. Patsakis, Trapped by the UI: the android case, in International Symposium on Research in Attacks, Intrusions, and Defenses (Springer, 2017), pp. 334–354

    Google Scholar 

  3. E. Alepis, C. Patsakis, Unravelling security issues of runtime permissions in android (J. Hardw. Syst, Secur, 2018)

    Google Scholar 

  4. Y. Amit, Accessibility clickjacking the next evolution in android malware that impacts more than 500 million devices (2016). https://www.skycure.com/blog/accessibility-clickjacking/

  5. Android Developer, Permission changes. https://developer.android.com/about/versions/nougat/android-7.0-changes.html. Accessed 07 Feb 2018

  6. Android Developer. Android 7.0 behavior changes (2017). https://developer.android.com/about/versions/nougat/android-7.0-changes.html

  7. D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, C.E.R.T. Siemens, Drebin: effective and explainable detection of android malware in your pocket. NDSS 14, 23–26 (2014)

    Google Scholar 

  8. A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, G. Vigna, What the app is that? deception and countermeasures in the android user interface, in Proceedings of the 2015 IEEE Symposium on Security and Privacy (IEEE Computer Society, 2015), pp. 931–948

    Google Scholar 

  9. Check Point Mobile Research Team, Android permission security flaw (2017). https://blog.checkpoint.com/2017/05/09/android-permission-security-flaw/. Accessed 09 Sep 2017

  10. Q.A. Chen, Z. Qian, Z.M. Mao, Peeking into your app without actually seeing it: UI state inference and novel android attacks, in 23rd USENIX Security Symposium (USENIX Security 14) (San Diego, CA, USENIX Association, 2014), pp. 1037–1052

    Google Scholar 

  11. ElevenPaths, An innovative tool for the monitoring and analysis of mobile threats. https://www.elevenpaths.com/technology/tacyt/index.html

  12. P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M.S. Gaur, M. Conti, M. Rajarajan, Android security: a survey of issues, malware penetration, and defenses. IEEE Commun Surv Tutor 17(2), 998–1022

    Google Scholar 

  13. A.P. Felt, M. Finifter, E. Chin, S. Hanna, D. Wagner, A survey of mobile malware in the wild, in Proceedings of the 1st ACM workshop on Security and Privacy in Smartphones and Mobile Devices (ACM, 2011), pp. 3–14

    Google Scholar 

  14. Y. Fratantonio, C. Qian, S. Chung, W. Lee, Cloak and dagger: from two permissions to complete control of the UI feedback loop, in Proceedings of the IEEE Symposium on Security and Privacy (Oakland) (, San Jose CA, 2017)

    Google Scholar 

  15. Google, AOSP source code for filesystem\(\_\)config. https://android.googlesource.com/platform/system/core/+/master/libcutils/include/private/android_filesystem_config.h

  16. M. Grace, Y. Zhou, Q. Zhang, S. Zou, X. Jiang, Riskranker: scalable and accurate zero-day android malware detection, in Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (ACM, 2012), pp. 281–294

    Google Scholar 

  17. K. Nohl, J. Lell. Mind the Gap—Uncovering the Android Patch Gap through Binary-only Patch Analysis (2018)

    Google Scholar 

  18. E.J. Kartaltepe, J.A. Morales, S. Xu, R. Sandhu, Social network-based botnet command-and-control: emerging threats and countermeasures, in International Conference on Applied Cryptography and Network Security (Springer, 2010), pp. 511–528

    Google Scholar 

  19. Avantika Mathur, Mingming Cao, Suparna Bhattacharya, Andreas Dilger, Alex Tomas, Laurent Vivier, The new ext4 filesystem: current status and future plans. Proc. Linux Symp. 2, 21–33 (2007)

    Google Scholar 

  20. K. Nohl, Mobile self-defense (snoopsnitch), in Proceedings of Chaos Computer Security Conference (2014)

    Google Scholar 

  21. Ed O’Keefe, https://www.washingtonpost.com/news/post-politics/wp/2013/06/06/transcript-dianne-feinstein-saxby-chambliss-explain-defend-nsa-phone-records-program/?utm_term=.f2e1466faae2 (2013)

  22. C. Patsakis, E. Alepis, Knock-knock: the unbearable lightness of android notifications, in Proceedings of the 4th International Conference on Information Systems Security and Privacy, ICISSP 2018, Funchal, Madeira-Portugal, January 22–24, 2018, ed. by P. Mori, S. Furnell, O. Camp (SciTePress, 2018), pp. 52–61

    Google Scholar 

  23. N. Peiravian, X. Zhu, Machine learning for android malware detection using permission and API calls, in 2013 IEEE 25th International Conference on Tools with Artificial Intelligence (ICTAI) (IEEE, 2013), pp. 300–305

    Google Scholar 

  24. Android Police, https://www.androidpolice.com/2017/11/12/google-will-remove-play-store-apps-use-accessibility-services-anything-except-helping-disabled-users/ (2017)

  25. C. Spensky, J. Stewart, A. Yerukhimovich, R. Shay, A. Trachtenberg, R. Housley, R.K. Cunningham, Sok: privacy on mobile devices–it’s complicated. Proc. Privacy Enhanc. Technol. 2016(3), 96–116 (2016)

    Article  Google Scholar 

  26. Statista, Global market share held by the leading smartphone operating systems in sales to end users from 1st quarter 2009 to 2nd quarter 2018. https://www.statista.com/statistics/266136/global-market-share-held-by-smartphone-operating-systems/

  27. T. Vidas, D. Votipka, N. Christin, All your droid are belong to us: a survey of current android attacks, in Proceedings of the 5th USENIX Conference on Offensive Technologies (USENIX Association, 2011), pp. 10–10

    Google Scholar 

  28. D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, K.-P. Wu, Droidmat: android malware detection through manifest and API calls tracing, in 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS) (IEEE, 2012), pp. 62–69

    Google Scholar 

  29. L. Ying, Y. Cheng, Y. Lu, Y. Gu, P. Su, D. Feng, Attacks and defence on android free floating windows, in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ACM, 2016), pp 759–770

    Google Scholar 

  30. Y. Zhou, W. Zhi, W. Zhou, X. Jiang, Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. NDSS 25, 50–52 (2012)

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank ElevenPaths for their valuable feedback and granting them access to Tacyt.

Author information

Authors and Affiliations

  1. Department of Informatics, University of Piraeus, Piraeus, Greece

    Constantinos Kapetanios, Efthimios Alepis & Constantinos Patsakis

  2. Department of Informatics, University of Athens, Athens, Greece

    Theodoros Polyzos

Authors
  1. Constantinos Kapetanios
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Theodoros Polyzos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Efthimios Alepis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Constantinos Patsakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Constantinos Patsakis .

Editor information

Editors and Affiliations

  1. Department of Informatics, University of Piraeus, Piraeus, Greece

    George A. Tsihrintzis

  2. Department of Informatics, University of Piraeus, Piraeus, Greece

    Maria Virvou

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Kapetanios, C., Polyzos, T., Alepis, E., Patsakis, C. (2021). This is Just Metadata: From No Communication Content to User Profiling, Surveillance and Exploitation. In: Tsihrintzis, G., Virvou, M. (eds) Advances in Core Computer Science-Based Technologies. Learning and Analytics in Intelligent Systems, vol 14. Springer, Cham. https://doi.org/10.1007/978-3-030-41196-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41196-1_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41195-4

  • Online ISBN: 978-3-030-41196-1

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation