short-paper

Bind your phone number with caution: automated user profiling through address book matching on smartphone

Authors:

Dengguo FengAuthors Info & Claims

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Pages 335 - 340

https://doi.org/10.1145/2484313.2484356

Published: 08 May 2013 Publication History

Get Access

Abstract

Due to the cost-efficient communicating manner and attractive user experience, messenger applications have dominated every smartphone in recent years. Nowadays, Address Book Matching, a new feature that helps people keep in touch with real world contacts, has been loaded in many popular messenger applications, which unfortunately as well brings severe privacy issues to users. In this paper, we propose a novel method to abuse such feature to automatically collect user profiles. This method can be applied to any application equipped with Address Book Matching independent of mobile platforms. We also build a prototype on Android to verify the effectiveness of our method. Moreover, we integrate profiles gathered from different messenger applications and provide insights by performing a consistency and authenticity analysis on user profile fields. As our experiments show, the abuse of Address Book Matching can cause severe user privacy leakage. Finally, we provide some countermeasures for developers to avoid this issue when designing messenger applications.

References

[1]

Mitalk messenger. http://www.miliao.com/.

Google Scholar

[2]

Wechat. http://weixin.qq.com.

Google Scholar

[3]

M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel. Abusing social networks for automated user profiling. In S. Jha, R. Sommer, and C. Kreibich, editors, Recent Advances in Intrusion Detection, volume 6307 of Lecture Notes in Computer Science, pages 422--441. 2010.

Digital Library

Google Scholar

[4]

A. R. Beresford, A. Rice, N. Skehin, and R. Sohan. Mockdroid: trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile '11, pages 49--54, New York, NY, USA, 2011.

Digital Library

Google Scholar

[5]

L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th international conference on World wide web, WWW '09, pages 551--560, New York, NY, USA, 2009.

Digital Library

Google Scholar

[6]

A. Braunstein, L. Granka, and J. Staddon. Indirect content privacy surveys: measuring privacy without asking about it. In Proceedings of the Seventh Symposium on Usable Privacy and Security, SOUPS '11, pages 15:1--15:14, New York, NY, USA, 2011.

Digital Library

Google Scholar

[7]

M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting privacy leaks in iOS applications. In Proceedings of the 18th Annual Network & Distributed System Security Symposium (NDSS), Feb. 2011.

Google Scholar

[8]

W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, OSDI'10, pages 1--6, Berkeley, CA, USA, 2010.

Digital Library

Google Scholar

[9]

M. Jakobsson, N. Johnson, and P. Finn. Why and how to perform fraud experiments. IEEE Security and Privacy, 6(2):66--68, Mar. 2008.

Digital Library

Google Scholar

[10]

S. Schrittwieser, P. Fruehwirt, P. Kieseberg, M. Leithner, M. Mulazzani, M. Huber, and E. Weippl. Guess who is texting you? evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), 2012.

Google Scholar

[11]

Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming information-stealing smartphone applications (on android). In Proceedings of the 4th international conference on Trust and trustworthy computing, TRUST'11, pages 93--107, Berlin, Heidelberg, 2011.

Digital Library

Google Scholar

Cited By

View all

He YGu YSu PSun KZhou YWang ZLi Q(2023)A Systematic Study of Android Non-SDK (Hidden) Service API SecurityIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.316087220:2(1609-1623)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3160872
Durmaz BAyday E(2021) Entering Watch Dogs * : Evaluating Privacy Risks Against Large-Scale Facial Search and Data Collection IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)10.1109/INFOCOMWKSHPS51825.2021.9484550(1-6)Online publication date: 10-May-2021
https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484550
Yue HGuo HMa X(2018)Breaking Users’ Mobile Phone Number Based on Geographical Location: A Case Study with YYInformation10.3390/info90802009:8(200)Online publication date: 6-Aug-2018
https://doi.org/10.3390/info9080200
Show More Cited By

Index Terms

Bind your phone number with caution: automated user profiling through address book matching on smartphone
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies

Recommendations

On the Unicity of Smartphone Applications
WPES '15: Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society

Prior works have shown that the list of apps installed by a user reveal a lot about user interests and behavior. These works rely on the semantics of the installed apps and show that various user traits could be learnt automatically using off-the-shelf ...
Towards a Smartphone User Competency Evolution Model
SAICSIT '15: Proceedings of the 2015 Annual Research Conference on South African Institute of Computer Scientists and Information Technologists

Over the past few years smartphones have evolved from being basic devices that support stock-standard, static Operating Systems (OSs) to powerful devices that are capable of running dynamic, customizable OSs. In turn, these OSs also support the ...
User profiling from their use of smartphone applications: A survey
Abstract
The number and popularity of smartphone applications is rising dramatically. Users install and use applications depending on their needs and interests. Applications on smartphones convey lots of personal information, providing us a new ...

Comments

Information & Contributors

Information

Published In

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

May 2013

574 pages

ISBN:9781450317672

DOI:10.1145/2484313

General Chairs:
Kefei Chen
Shanghai Jiao Tong University, China
,
Qi Xie
Hangzhou Normal University, China
,
Weidong Qiu
Shanghai Jiao Tong University, China
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Wen-Guey Tzeng
National Chiao Tung University, Taiwan

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 May 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

ASIA CCS '13

Sponsor:

SIGSAC

ASIA CCS '13: 8th ACM Symposium on Information, Computer and Communications Security

May 8 - 10, 2013

Hangzhou, China

Acceptance Rates

ASIA CCS '13 Paper Acceptance Rate 35 of 216 submissions, 16%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
503
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

He YGu YSu PSun KZhou YWang ZLi Q(2023)A Systematic Study of Android Non-SDK (Hidden) Service API SecurityIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.316087220:2(1609-1623)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3160872
Durmaz BAyday E(2021) Entering Watch Dogs * : Evaluating Privacy Risks Against Large-Scale Facial Search and Data Collection IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)10.1109/INFOCOMWKSHPS51825.2021.9484550(1-6)Online publication date: 10-May-2021
https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484550
Yue HGuo HMa X(2018)Breaking Users’ Mobile Phone Number Based on Geographical Location: A Case Study with YYInformation10.3390/info90802009:8(200)Online publication date: 6-Aug-2018
https://doi.org/10.3390/info9080200
Zhou XWang WJin Q(2018)Multi-dimensional attributes and measures for dynamical user profiling in social networking environmentsMultimedia Tools and Applications10.1007/s11042-014-2230-974:14(5015-5028)Online publication date: 31-Dec-2018
https://dl.acm.org/doi/10.1007/s11042-014-2230-9
Gu YCheng YYing LLu YLi QSu P(2017)Exploiting Android System Services Through Bypassing Service HelpersSecurity and Privacy in Communication Networks10.1007/978-3-319-59608-2_3(44-62)Online publication date: 14-Jun-2017
https://doi.org/10.1007/978-3-319-59608-2_3
Gupta SSubrahmanian VRokne JKumar RCaverlee JTong H(2016)Emerging threats abusing phone numbers exploiting cross-platform featuresProceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining10.5555/3192424.3192668(1339-1341)Online publication date: 18-Aug-2016
https://dl.acm.org/doi/10.5555/3192424.3192668
Gupta SGupta PAhamad MKumaraguru PLu LMannan M(2016)Exploiting Phone Numbers and Cross-Application Features in Targeted Mobile AttacksProceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices10.1145/2994459.2994471(73-82)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2994459.2994471
Sahin MFrancillon AWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)Over-The-Top BypassProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978334(1106-1117)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2978334
Gupta S(2016)Emerging threats abusing phone numbers exploiting cross-platform features2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)10.1109/ASONAM.2016.7752410(1339-1341)Online publication date: Aug-2016
https://doi.org/10.1109/ASONAM.2016.7752410
Nardo BCannistrà MDiaco VNaso ANovello MZullo ARuggiero MGrande RSacco R(2016) Optimizing Patient Surgical Management Using WhatsApp Application in the Italian Healthcare System Telemedicine and e-Health10.1089/tmj.2015.021922:9(718-725)Online publication date: Sep-2016
https://doi.org/10.1089/tmj.2015.0219
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

On the Unicity of Smartphone Applications

Towards a Smartphone User Competency Evolution Model

User profiling from their use of smartphone applications: A survey

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations