Maryam Mehrnezhad
ABSTRACT
Abstract: Ambient sensors are being integrated within modern technologies such as mobile, smart buildings, and smart medical devices. Despite the real risks of such sensors, it is hard for users to understand and control such sensor readings since these sensors are freely accessible to mobile, website, and IoT developers without any user permission and notification. Ambient sensors have not been studied for their risks, especially from the user’s point of view. We run an online user study (N=197) and evaluate user awareness, concerns, and preferences for mobile ambient sensors when accessed via apps and websites. Our findings show that users would like to have control over such sensors in a usable way and their protection actions and preferences are consistent across the two platforms (apps and websites). These findings help the sector to develop the next generation of sensor protection mechanisms more effectively.
- Imtiaz Ahmad, Rosta Farzan, Apu Kapadia, and Adam J Lee. 2020. Tangible privacy: Towards user-centric sensor designs for bystander privacy. ACM on Human-Computer Interaction 4, CSCW2 (2020), 1–28.Google Scholar
- Android. 2022. Environment sensors. Available at: “developer.android.com/guide/topics/sensors/sensors_environment”.Google Scholar
- Android. 2022. Permissions on Android. Available at: “developer.android.com/guide/topics/permissions/overview”.Google Scholar
- Android. 2022. Sensors Overview. Available at: “https://developer.android.com/guide/topics/sensors/sensors_overview”.Google Scholar
- Apple. 2021. App Tracking Transparency. Available at: “https://developer.apple.com/documentation/apptrackingtransparency”.Google Scholar
- Apple. 2021. SensorKit. Available at: “developer.apple.com/documentation/sensorkit”.Google Scholar
- Apple. 2022. HomeKit. Available at: “developer.apple.com/documentation/homekit”.Google Scholar
- Irvan B Arief-Ang, Flora D Salim, and Margaret Hamilton. 2017. CD-HOC: indoor human occupancy counting using carbon dioxide sensor data. arXiv preprint arXiv:1706.05286(2017).Google Scholar
- ArsTechnica. 2021. 96% of US users opt out of app tracking in iOS 14.5, analytics find. Available at: “https://arstechnica.com/gadgets/2021/05/96-of-us-users-opt-out-of-app-tracking-in-ios-14-5-analytics-find/”.Google Scholar
- Bosch. 2021. Nordic Thingy: 91. Available at: “nordicsemi.com/Software-and-tools/Prototyping-platforms/Nordic-Thingy-91”.Google Scholar
- Bosch. 2022. Bosch XDK. Available at: “bosch-connectivity.com/products/cross-domain/cross-domain-developement-kit/”.Google Scholar
- Moritz Büchi, Natascha Just, and Michael Latzer. 2017. Caring is not enough: the importance of Internet skills for online privacy protection. Information, Communication & Society 20, 8 (2017), 1261–1278.Google ScholarCross Ref
- Supriyo Chakraborty, Wentao Ouyang, and Mani Srivastava. 2017. LightSpy: Optical eavesdropping on displays using light sensors on mobile devices. In International Conference on Big Data. IEEE, 2980–2989.Google ScholarCross Ref
- Kovila PL Coopamootoo, Maryam Mehrnezhad, and Ehsan Toreini. 2022. ” I feel invaded, annoyed, anxious and I may protect myself”: Individuals’ Feelings about Online Tracking and their Protective Behaviour across Gender and Country. USENIX Security (2022).Google Scholar
- Kirsten Crager, Anindya Maiti, Murtuza Jadliwala, and Jibo He. 2017. Information leakage through mobile motion sensors: User awareness and concerns. In European Workshop on Usable Security.Google ScholarCross Ref
- Michalis Diamantaris, Francesco Marcantoni, Sotiris Ioannidis, and Jason Polakis. 2020. The Seven Deadly Sins of the HTML5 WebAPI: A Large-scale Study on the Risks of Mobile Sensor-based Attacks. ACM Transactions on Privacy and Security (TOPS) 23, 4 (2020), 1–31.Google ScholarDigital Library
- Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android permissions: User attention, comprehension, and behavior. In Symposium on Usable Privacy and Security. 1–14.Google ScholarDigital Library
- Thomas Groß. 2017. Why Privacy Is All But Forgotten. Privacy Enhancing Technologies 2017, 4 (2017), 97–118.Google ScholarCross Ref
- Scott Harper, Maryam Mehrnezhad, and John Mace. 2020. User Privacy Concerns of Commercial Smart Buildings. In Workshop on Socio-Technical Aspects in Security and Trust. 40–52.Google Scholar
- Patrick Gage Kelley, Sunny Consolvo, Lorrie Faith Cranor, Jaeyeon Jung, Norman Sadeh, and David Wetherall. 2012. A conundrum of permissions: installing applications on an android smartphone. In Financial cryptography and data security. Springer, 68–79.Google Scholar
- Jacob Kohnstamm and Drudeisha Madhub. 2014. Mauritius Declaration on the Internet of Things. https://edps.europa.eu/sites/edp/files/publication/14-10-14_mauritius_declaration_en.pdf.Google Scholar
- Jacob Kroger. 2018. Unexpected inferences from sensor data: a hidden privacy threat in the internet of things. In IFIP International Internet of Things Conference. Springer, 147–159.Google Scholar
- Ehsan Toreini Maryam Mehrnezhad, Kovila Coopamootoo. 2022. How Can and Would People Protect from Online Tracking?. In Privacy Enhancing Technologies. 1–12.Google Scholar
- Sinziana Mazilu and Gerhard Tröster. 2015. A study on using ambient sensors from smartphones for indoor location detection. In Proceedings of 12th Workshop On positioning, navigation and communication (WPNC). IEEE.Google Scholar
- Maryam Mehrnezhad, Mohammed Aamir Ali, Feng Hao, and Aad van Moorsel. 2016. NFC payment spy: a privacy attack on contactless payments. In Research in Security Standardisation. Springer, 92–111.Google Scholar
- Maryam Mehrnezhad and Ehsan Toreini. 2019. What is this sensor and does this app need access to it?. In Informatics, Vol. 6. Multidisciplinary Digital Publishing Institute, 7.Google Scholar
- Maryam Mehrnezhad, Ehsan Toreini, Siamak F Shahandashti, and Feng Hao. 2018. Stealing PINs via mobile sensors: actual risk versus user perception. International Journal of Information Security 17, 3 (2018), 291–313.Google ScholarDigital Library
- Arsalan Mosenia, Xiaoliang Dai, Prateek Mittal, and Niraj K Jha. 2017. Pinme: Tracking a smartphone user around the world. IEEE Transactions on Multi-Scale Computing Systems 4, 3 (2017), 420–435.Google ScholarCross Ref
- Tobias Nef and et al.2015. Evaluation of Three State-of-the-Art Classifiers for Recognition of Activities of Daily Living from Smart Home Ambient Data.Google Scholar
- Isabelle Oomen and Ronald Leenes. 2008. Privacy risk perceptions and privacy protection strategies. In Policies and research in identity management. Springer, 121–138.Google Scholar
- Yong Jin Park. 2015. Do men and women differ in privacy? Gendered privacy and (in) equality in the Internet. Computers in Human Behavior 50 (2015), 252–258.Google ScholarDigital Library
- Elissa M Redmiles. 2020. User concerns & tradeoffs in technology-facilitated contact tracing. arXiv preprint arXiv:2004.13219(2020).Google Scholar
- Elissa M Redmiles, Ziyun Zhu, Sean Kross, Dhruv Kuchhal, Tudor Dumitras, and Michelle L Mazurek. 2018. Asking for a friend: Evaluating response biases in security user studies. In ACM SIGSAC Conference on Computer and Communications Security. 1238–1255.Google ScholarDigital Library
- Mohd Sabra, Anindya Maiti, and Murtuza Jadliwala. 2018. Keystroke inference using ambient light sensor on wrist-wearables: a feasibility study. In ACM Workshop on Wearable Systems and Applications. 21–26.Google ScholarDigital Library
- Amit Kumar Sikder, Hidayet Aksu, and A Selcuk Uluagac. 2019. A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing 19, 2 (2019), 245–261.Google ScholarCross Ref
- Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A Selcuk Uluagac. 2019. Aegis: a context-aware security framework for smart home systems. In Annual Computer Security Applications Conference. 28–41.Google ScholarDigital Library
- Laurent Simon and Ross Anderson. 2013. Pin skimmer: inferring pins through the camera and microphone. In ACM workshop on Security and privacy in smartphones & mobile devices. 67–78.Google ScholarDigital Library
- Raphael Spreitzer. 2014. Pin skimming: exploiting the ambient-light sensor in mobile devices. In ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. 51–62.Google ScholarDigital Library
- Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, and Stefan Mangard. 2017. Systematic classification of side-channel attacks: A case study for mobile devices. IEEE Communications Surveys & Tutorials 20, 1 (2017), 465–488.Google ScholarCross Ref
- W3C. 2021. Ambient Light Sensor. Available at: “https://www.w3.org/TR/ambient-light/”.Google Scholar
- W3C. 2021. Permissions. Available at: “w3c.github.io/permissions”.Google Scholar
- W3C. 2022. Devices and Sensors Working Group. Available at: “developer.android.com/guide/topics/sensors/sensors_environment”.Google Scholar
- xda developers. 2021. OxygenOS 10.3.1 (Privacy Alert). Available at: “forum.xda-developers.com/tags/privacy-alert/”.Google Scholar
- Lingjing Yu, Bo Luo, Jun Ma, Zhaoyu Zhou, and Qingyun Liu. 2020. You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi. In USENIX Security Symposium. 55–72.Google Scholar
Index Terms
- Risks of Mobile Ambient Sensors and User Awareness, Concerns, and Preferences
Index terms have been assigned to the content through auto-classification.
Recommendations
Bidding Protocols for Deploying Mobile Sensors
Constructing a sensor network with a mix of mobile and static sensors can achieve a balance between sensor coverage and sensor cost. In this paper, we design two bidding protocols to guide the movement of mobile sensors in such sensor networks to ...
Barrier coverage with line-based deployed mobile sensors
Barrier coverage of a wireless sensor network is a critical issue in military and homeland security applications, aiming to detect intruders that attempt to cross the deployed region. While a range of problems related to barrier coverage have been ...
User activity understanding from mobile phone sensors
UbiComp '10 Adjunct: Proceedings of the 12th ACM international conference adjunct papers on Ubiquitous computing - AdjunctContext acquisition is an important technology for ubiquitous computing. An ideal approach would be easy to deploy and non-intrusive to people's life. Mobile phones equipped with advanced sensors are preferable platform owing to their user-friendliness ...
Comments