Abstract
Apps running on a smartphone have the possibility to gather data that can act as a fingerprint for their user. Such data comprise the ids of nearby WiFi networks, features of the device, etc., and they can be a precious asset for offering e.g. customised transportation means, news and ads, etc. Additionally, since WiFi network ids can be easily associated to GPS coordinates, from the users frequent locations it is possible to guess their home address, their shopping preferences, etc. Unfortunately, existing privacy protection mechanisms and permissions on Android OS do not suffice in preventing apps from gathering such data, which can be considered sensitive and not to be disclosed to a third part. This paper shows how an app using only the permission to access WiFi networks could send some private data unknowingly from the user. Moreover, an advanced mechanism is proposed to shield user private data, and to selectively obscure data an app could spy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014)
Ascia, G., et al.: Making Android apps data-leak-safe by data flow analysis and code injection. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 205–210 (2016)
Aung, Z., Zaw, W.: Permission-based Android malware detection. Int. J. Sci. Technol. Res. 2(3), 228–234 (2013)
Cavallaro, C., Verga, G., Tramontana, E., Muscato, O.: Multi-agent architecture for point of interest detection and recommendation. In: Proceedings of XX Workshop From Objects to Agents (WOA) (2019)
Di Stefano, A., Fornaia, A., Tramontana, E., Verga, G.: Detecting Android malware according to observations on user activities. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 241–246 (2018)
Enck, W.: Defending users against smartphone apps: techniques and future directions. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 49–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25560-1_3
Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. 7(1), 50–57 (2009)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 627–638 (2011)
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of ACM Symposium on Usable Privacy and Security (2012)
Google: Android (2019). https://developer.android.com/topic/libraries/support-library
Krupp, B., Sridhar, N., Zhao, W.: SPE: security and privacy enhancement framework for mobile devices. IEEE Trans. Dependable Secure Comput. 14(4), 433–446 (2015)
Montealegre, C., Njuguna, C.R., Malik, M.I., Hannay, P., McAteer, I.N.: Security vulnerabilities in Android applications. In: Proceedings of Australian Information Security Management Conference (2018)
Nguyen, L., et al.: UnLocIn: unauthorized location inference on smartphones without being caught. In: Proceedings of IEEE International Conference on Privacy and Security in Mobile Systems (PRISMS), pp. 1–8 (2013)
Qi, M., Wang, Z., He, Z., Shao, Z.: User identification across asynchronous mobility trajectories. Sensors 19(9), 2102 (2019)
Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: Andromaly: a behavioral malware detection framework for Android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)
Tramontana, E., Verga, G.: Get spatio-temporal flows from GPS data. In: Proceedings of IEEE International Conference on Smart Computing (SMARTCOMP), pp. 282–284 (2018)
Tramontana, E., Verga, G.: Mitigating privacy-related risks for Android users. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) (2019)
Wagner, D.T., Rice, A., Beresford, A.R.: Device analyzer: large-scale mobile data collection. ACM SIGMETRICS Perform. Eval. Rev. 41(4), 53–56 (2014)
Wei, T.E., Jeng, A.B., Lee, H.M., Chen, C.H., Tien, C.W.: Android privacy. In: Proceedings of IEEE International Conference on Machine Learning and Cybernetics, vol. 5, pp. 1830–1837 (2012)
Zheng, V.W., Zheng, Y., Xie, X., Yang, Q.: Collaborative location and activity recommendations with GPS history data. In: Proceedings of ACM International Conference on World Wide Web, pp. 1029–1038 (2010)
Zheng, V.W., Zheng, Y., Xie, X., Yang, Q.: Towards mobile intelligence: learning from GPS history data for collaborative recommendation. Artif. Intell. 184, 17–37 (2012)
Zheng, Y., Xie, X., Ma, W.Y., et al.: GeoLife: a collaborative social networking service among user, location and trajectory. IEEE Data Eng. Bull. 33(2), 32–39 (2010)
Acknowledgement
This work has been supported by project CREAMS—Codes Recognising and Eluding Attacks and Meddling on Systems—funded by Università degli Studi di Catania, Piano della Ricerca 2016/2018 Linea di intervento 2.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Verga, G., Fornaia, A., Calcagno, S., Tramontana, E. (2019). Yet Another Way to Unknowingly Gather People Coordinates and Its Countermeasures. In: Montella, R., Ciaramella, A., Fortino, G., Guerrieri, A., Liotta, A. (eds) Internet and Distributed Computing Systems . IDCS 2019. Lecture Notes in Computer Science(), vol 11874. Springer, Cham. https://doi.org/10.1007/978-3-030-34914-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-34914-1_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34913-4
Online ISBN: 978-3-030-34914-1
eBook Packages: Computer ScienceComputer Science (R0)