Information Leakage in Wearable Applications

Olabenjo, Babatunde; Makaroff, Dwight

doi:10.1007/978-3-030-24907-6_17

Information Leakage in Wearable Applications

Babatunde Olabenjo¹² &
Dwight Makaroff¹²

Conference paper
First Online: 11 July 2019

1554 Accesses
2 Citations

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11611))

Abstract

Wearable apps, specifically smartwatch apps, require permissions to access sensors, user profiles, and the Internet. These permissions, although not crucial for many mobile apps, are essential for health and fitness apps, as well as other wearable apps to work efficiently. Access to data on wearable devices enables malicious apps to extract personal user information. Moreover, benevolent apps can be utilized by attackers if they send private information insecurely. Many studies have examined privacy issues in smartphone apps, and very little has been done to identify and evaluate these issues in wearable smartwatch apps. Since wearable apps can reside either on the phone and watch or both, with all devices capable of accessing the Internet directly, a different dimension to information leakage is presented due to diverse ways in which these devices collect, store and transmit data.

This study classifies and analyzes information leakage in wearable smartwatch apps and examines the exposure of personal information using both static and dynamic approaches. Based on data collected from thousands of wearable applications, we show that standalone wearable apps leak less information compared to companion apps; the majority of data leaks exist in tracking services such as analytics and ad network libraries.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

1.
Wear OS: The essential guide: https://www.wareable.com/android-wear/what-is-android-wear-comprehensive-guide (Accessed: 2019-01-29).
2.
Android Wear Center | Apps, Games, News & Watchfaces for Android Wear. http://www.androidwearcenter.com/ Accessed 2019-01-29.
3.
Matlink: https://github.com/matlink/gplaycli. (Accessed: 2019-02-03).
4.
Package and distribute Wear apps: https://developer.android.com/training/wear-ables/apps/packaging (Accessed: 2019-01-12).
5.
https://docs.oracle.com/javase/tutorial/deployment/jar/defman.html (Accessed: 2019-01-12).
6.
pymiproxy - Python Micro Interceptor Proxy - https://github.com/allfro/pymi-proxy.
7.
AndroWarn: https://github.com/maaaaz/androwarn (Accessed: 2018-11-12).
8.
Trackers: https://reports.exodus-privacy.eu.org/trackers/ (Accessed: 2018-11-20).
9.
Google Analytics: https://analytics.google.com/ (Accessed: 2018-12-10).
10.
Google Ads: https://www.google.com/admob/ (Accessed: 2018-12-10).
11.
Google Developer Support - Monkeyrunner: https://developer.android.com/studio/test/monkeyrunner/ (Accessed: 2019-02-20).
12.
Google Developer Support - Connect to the network: https://developer.android.com/training/basics/network-ops/connecting (Accessed: 2018-11-21).

References

Boillat, T., Rivas, H., Wac, K.: “Healthcare on a Wris”: increasing compliance through checklists on wearables in obesity (self-)management programs. In: Rivas, H., Wac, K. (eds.) Digital Health. HI, pp. 65–81. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-61446-5_6
Chapter Google Scholar
Chauhan, J., Seneviratne, S., Kaafar, M.A., Mahanti, A., Seneviratne, A.: Characterization of early smartwatch apps. In: PerCom Workshops, pp. 1–6. Sydney, Australia, March 2016
Google Scholar
Chen, G., Meng, W., Copeland, J.: Revisiting mobile advertising threats with MAdLife. In: The World Wide Web Conference, WWW 2019, pp. 207–217, San Francisco, CA, May 2019
Google Scholar
Fafoutis, X., Marchegiani, L., Papadopoulos, G.Z., Piechocki, R., Tryfonas, T., Oikonomou, G.: Privacy leakage of physical activity levels in wireless embedded wearable systems. IEEE Signal Process. Lett. 24(2), 136–140 (2017)
Article Google Scholar
Hou, S., Ye, Y., Song, Y., Abdulhayoglu, M.: HinDroid: an intelligent Android malware detection system based on structured heterogeneous information network. In: KDD 2017, Halifax, Canada, pp. 1507–1515, August 2017
Google Scholar
Korner, J., Hitzges, L., Gehrke, D.: Goko Store: Home. https://goko.me/
Lee, M., Lee, K., Shim, J., Cho, S., Choi, J.: Security threat on wearable services: empirical study using a commercial smartband. In: ICCE-Asia, Seoul, South Korea, pp. 1–5, October 2016
Google Scholar
Li, X., Dong, X., Liang, Z.: A usage-pattern perspective for privacy ranking of Android apps. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 245–256. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13841-1_14
Chapter Google Scholar
Liu, R., Lin, F.X.: Understanding the characteristics of Android wear OS. In: ACM Mobisys, Singapore, Singapore, pp. 151–164, June 2016
Google Scholar
Moonsamy, V., Batten, L.: Android applications: data leaks via advertising libraries. In: International Symposium on Information Theory and its Applications, Melbourne, Australia, pp. 314–317, October 2014
Google Scholar
Mujahid, S.: Detecting wearable app permission mismatches: a case study on Android wear. In: 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, pp. 1065–1067, September 2017
Google Scholar
Paul, G., Irvine, J.: Privacy implications of wearable health devices. In: SIN 2014, Glasgow, UK, pp. 117:117–117:121, September 2014
Google Scholar
Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S., Wang, G.: Security and privacy in the medical Internet of Things: a review. Secur. Commun. Netw. 2018, 1–9 (2018)
Google Scholar
Tumbleson, C., Winiewski, R.: Apktool - a tool for reverse engineering 3rd party, closed, binary Android apps. https://ibotpeaches.github.io/Apktool/
Wu, S., Zhang, Y., Jin, B., Cao, W.: Practical static analysis of detecting intent-based permission leakage in Android application. In: IEEE ICCT, Chengdu, China, pp. 1953–1957, October 2017
Google Scholar
Zhang, H., Rounte, A.: Analysis and testing of notifications in Android wear applications. In: International Conference on Software Engineering, Buenos Aires, Argentina, pp. 347–357, May 2017
Google Scholar
Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., Shen, X.S.: Security and privacy in smart city applications: challenges and solutions. IEEE Commun. Mag. 55(1), 122–129 (2017)
Article Google Scholar

Download references

Author information

Authors and Affiliations

University of Saskatchewan, Saskatoon, SK, S7N 5C9, Canada
Babatunde Olabenjo & Dwight Makaroff

Authors

Babatunde Olabenjo
View author publications
You can also search for this author in PubMed Google Scholar
Dwight Makaroff
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Babatunde Olabenjo .

Editor information

Editors and Affiliations

Guangzhou University, Guangzhou, China
Guojun Wang
Huazhong University of Science and Technology, Wuhan, China
Jun Feng
Fordham University, New York City, NY, USA
Md Zakirul Alam Bhuiyan
University of New Brunswick, Fredericton, NB, Canada
Rongxing Lu

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Olabenjo, B., Makaroff, D. (2019). Information Leakage in Wearable Applications. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science(), vol 11611. Springer, Cham. https://doi.org/10.1007/978-3-030-24907-6_17

Download citation

DOI: https://doi.org/10.1007/978-3-030-24907-6_17
Published: 11 July 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24906-9
Online ISBN: 978-3-030-24907-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics