Digitala Vetenskapliga Arkivet

Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Android privacy C(R)ache: Reading your external storage and sensors for fun and profit
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0003-2624-7522
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0003-0663-2263
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0002-3267-5374
2016 (English)In: PAMCO 2016 - Proceedings of the 2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, Association for Computing Machinery (ACM), 2016, p. 1-10Conference paper, Published paper (Refereed)
Abstract [en]

Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ-EXTERNAL-STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a "curious" application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking and but, possibly, "curious" applications.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2016. p. 1-10
Keywords [en]
Android permissions, External storage, Monitoring, Personal data leakage, Profiling, Android (operating system), Data mining, Digital storage, Mobile computing, Access permissions, Private information, Sensitive informations, Third party application (Apps), User data, Data privacy
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-197174DOI: 10.1145/2940343.2940346Scopus ID: 2-s2.0-84982851758ISBN: 9781450343466 (print)OAI: oai:DiVA.org:kth-197174DiVA, id: diva2:1055746
Conference
2nd MobiHoc International Workshop on Privacy-Aware Mobile Computing, PAMCO 2016, 5 July 2016
Note

QC 20161213

Available from: 2016-12-13 Created: 2016-11-30 Last updated: 2024-03-18Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopushttps://www.sigmobile.org/mobihoc/2016/workshops/

Search in DiVA

By author/editor
Stylianos, GisdakisGiannetsos, ThanassisPapadimitratos, Panos
By organisation
Communication Networks
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 64 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf