Characterizing Sensor Leaks in Android Apps

2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE) Pub Date : 2021-10-01 DOI:10.1109/ISSRE52982.2021.00058

Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen, Li Li, John C. Grundy

{"title":"Characterizing Sensor Leaks in Android Apps","authors":"Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen, Li Li, John C. Grundy","doi":"10.1109/ISSRE52982.2021.00058","DOIUrl":null,"url":null,"abstract":"While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.","PeriodicalId":162410,"journal":{"name":"2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSRE52982.2021.00058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

查看原文本刊更多论文

Android应用中传感器泄漏的特征分析

虽然手机传感器对于实现高级功能非常有价值，但正如许多最新研究实验证明的那样，攻击者可能会滥用手机传感器在Android应用程序中实施恶意活动。因此，迫切需要规范移动传感器的使用，以防止它们被恶意攻击者利用。然而，尽管在实现这一目标方面已经付出了各种努力，即检测Android应用中的隐私泄漏，但我们还没有找到自动检测Android应用中的传感器泄漏的方法。为了填补这一空白，我们设计并实现了一种新的原型工具Seeker，它扩展了著名的FlowDroid工具，用于检测Android应用中基于传感器的数据泄漏。Seeker直接对Android应用程序的字节码进行以传感器为中心的静态污染分析，不仅报告传感器触发的隐私泄露，还报告泄露涉及的传感器类型。使用超过40000个真实Android应用程序的实验结果表明，Seeker在检测Android应用程序中的传感器泄漏方面是有效的，恶意应用程序比良性应用程序对泄漏传感器数据更感兴趣。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)

自引率

0.00%

发文量