Characterizing sensor leaks in Android apps

Xiaoyu Sun; Xiao Chen; Kui Liu; Sheng Wen; Li Li; John Grundy

doi:10.1109/ISSRE52982.2021.00058

Characterizing sensor leaks in Android apps

Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen, Li Li, John Grundy

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

4 Citations (Scopus)

Abstract

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

Original language	English
Title of host publication	Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
Editors	Zhi Jin, Xuandong Li, Jianwen Xiang, Leonardo Mariani, Ting Liu, Xiao Yu, Nahgmeh Ivaki
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	498-509
Number of pages	12
ISBN (Electronic)	9781665425872
ISBN (Print)	9781665425889
DOIs	https://doi.org/10.1109/ISSRE52982.2021.00058
Publication status	Published - 2021
Event	International Symposium on Software Reliability Engineering 2021 - Wuhan, China Duration: 25 Oct 2021 → 28 Oct 2021 Conference number: 32nd https://ieeexplore.ieee.org/xpl/conhome/9700160/proceeding (Proceedings)

Publication series

Name	Proceedings - International Symposium on Software Reliability Engineering, ISSRE
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Volume	2021-October
ISSN (Print)	1071-9458
ISSN (Electronic)	2332-6549

Conference

Conference	International Symposium on Software Reliability Engineering 2021
Abbreviated title	ISSRE 2021
Country/Territory	China
City	Wuhan
Period	25/10/21 → 28/10/21
Internet address	https://ieeexplore.ieee.org/xpl/conhome/9700160/proceeding (Proceedings)

Access to Document

10.1109/ISSRE52982.2021.00058

Cite this

Sun, X., Chen, X., Liu, K., Wen, S., Li, L., & Grundy, J. (2021). Characterizing sensor leaks in Android apps. In Z. Jin, X. Li, J. Xiang, L. Mariani, T. Liu, X. Yu, & N. Ivaki (Eds.), Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021 (pp. 498-509). (Proceedings - International Symposium on Software Reliability Engineering, ISSRE; Vol. 2021-October). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ISSRE52982.2021.00058

Sun, Xiaoyu ; Chen, Xiao ; Liu, Kui et al. / Characterizing sensor leaks in Android apps. Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. editor / Zhi Jin ; Xuandong Li ; Jianwen Xiang ; Leonardo Mariani ; Ting Liu ; Xiao Yu ; Nahgmeh Ivaki. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2021. pp. 498-509 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE).

@inproceedings{448c35ab0e04419494dd9b04bcf41dfd,

title = "Characterizing sensor leaks in Android apps",

abstract = "While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps. ",

author = "Xiaoyu Sun and Xiao Chen and Kui Liu and Sheng Wen and Li Li and John Grundy",

note = "Funding Information: This work was supported by the Australian Research Council (ARC) under a Laureate Fellowship project FL190100035, a Discovery Early Career Researcher Award (DECRA) project DE200100016, and a Discovery project DP200100020. This research was also supported by the Open Project Program of the State Key Laboratory of Mathematical Engineering and Advanced Computing (No. 2020A06) and the Open Project Program of the Key Laboratory of Safety-Critical Software (NUAA), Ministry of Industry and Information Technology (No. XCA20026) Publisher Copyright: {\textcopyright} 2021 IEEE.; International Symposium on Software Reliability Engineering 2021, ISSRE 2021 ; Conference date: 25-10-2021 Through 28-10-2021",

year = "2021",

doi = "10.1109/ISSRE52982.2021.00058",

language = "English",

isbn = "9781665425889",

series = "Proceedings - International Symposium on Software Reliability Engineering, ISSRE",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

pages = "498--509",

editor = "Zhi Jin and Xuandong Li and Jianwen Xiang and Leonardo Mariani and Ting Liu and Xiao Yu and Nahgmeh Ivaki",

booktitle = "Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021",

address = "United States of America",

url = "https://ieeexplore.ieee.org/xpl/conhome/9700160/proceeding",

}

Sun, X, Chen, X, Liu, K, Wen, S, Li, L & Grundy, J 2021, Characterizing sensor leaks in Android apps. in Z Jin, X Li, J Xiang, L Mariani, T Liu, X Yu & N Ivaki (eds), Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. Proceedings - International Symposium on Software Reliability Engineering, ISSRE, vol. 2021-October, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 498-509, International Symposium on Software Reliability Engineering 2021, Wuhan, China, 25/10/21. https://doi.org/10.1109/ISSRE52982.2021.00058

Characterizing sensor leaks in Android apps. / Sun, Xiaoyu; Chen, Xiao; Liu, Kui et al.

Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. ed. / Zhi Jin; Xuandong Li; Jianwen Xiang; Leonardo Mariani; Ting Liu; Xiao Yu; Nahgmeh Ivaki. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2021. p. 498-509 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE; Vol. 2021-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Characterizing sensor leaks in Android apps

AU - Sun, Xiaoyu

AU - Chen, Xiao

AU - Liu, Kui

AU - Wen, Sheng

AU - Li, Li

AU - Grundy, John

N1 - Conference code: 32nd

PY - 2021

Y1 - 2021

N2 - While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

AB - While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

UR - http://www.scopus.com/inward/record.url?scp=85126392391&partnerID=8YFLogxK

U2 - 10.1109/ISSRE52982.2021.00058

DO - 10.1109/ISSRE52982.2021.00058

M3 - Conference Paper

AN - SCOPUS:85126392391

SN - 9781665425889

T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE

SP - 498

EP - 509

BT - Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021

A2 - Jin, Zhi

A2 - Li, Xuandong

A2 - Xiang, Jianwen

A2 - Mariani, Leonardo

A2 - Liu, Ting

A2 - Yu, Xiao

A2 - Ivaki, Nahgmeh

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - International Symposium on Software Reliability Engineering 2021

Y2 - 25 October 2021 through 28 October 2021

ER -

Sun X, Chen X, Liu K, Wen S, Li L, Grundy J. Characterizing sensor leaks in Android apps. In Jin Z, Li X, Xiang J, Mariani L, Liu T, Yu X, Ivaki N, editors, Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2021. p. 498-509. (Proceedings - International Symposium on Software Reliability Engineering, ISSRE). https://doi.org/10.1109/ISSRE52982.2021.00058

Characterizing sensor leaks in Android apps

Abstract

Publication series

Conference

Access to Document

Other files and links

ValDefFixApp: Values-oriented Defect Fixing for Mobile Software Applications

HCMDSE: Human-centric Model-driven Software Engineering

Enabling Compatible and Secure Mobile Apps via Automated Program Repair

Cite this

Characterizing sensor leaks in Android apps

Abstract

Publication series

Conference

Access to Document

Other files and links

Projects

ValDefFixApp: Values-oriented Defect Fixing for Mobile Software Applications

HCMDSE: Human-centric Model-driven Software Engineering

Enabling Compatible and Secure Mobile Apps via Automated Program Repair

Cite this