Characterizing sensor leaks in Android apps

Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen, Li Li, John Grundy

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

6 Citations (Scopus)

Abstract

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
EditorsZhi Jin, Xuandong Li, Jianwen Xiang, Leonardo Mariani, Ting Liu, Xiao Yu, Nahgmeh Ivaki
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages498-509
Number of pages12
ISBN (Electronic)9781665425872
ISBN (Print)9781665425889
DOIs
Publication statusPublished - 2021
EventInternational Symposium on Software Reliability Engineering 2021 - Wuhan, China
Duration: 25 Oct 202128 Oct 2021
Conference number: 32nd
https://ieeexplore.ieee.org/xpl/conhome/9700160/proceeding (Proceedings)

Publication series

NameProceedings - International Symposium on Software Reliability Engineering, ISSRE
PublisherIEEE, Institute of Electrical and Electronics Engineers
Volume2021-October
ISSN (Print)1071-9458
ISSN (Electronic)2332-6549

Conference

ConferenceInternational Symposium on Software Reliability Engineering 2021
Abbreviated titleISSRE 2021
Country/TerritoryChina
CityWuhan
Period25/10/2128/10/21
Internet address

Cite this