Android Privacy C(R)ache: Reading your External Storageand Sensors for Fun and Profit
2015 (English)Report (Other (popular science, discussion, etc.))
Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a ``curious'' application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking and but, possibly, ``curious'' applications.
Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2015. , 8 p.
Research subject Information and Communication Technology
IdentifiersURN: urn:nbn:se:kth:diva-178961OAI: oai:DiVA.org:kth-178961DiVA: diva2:878650
QC 201601292015-12-092015-12-092016-01-29Bibliographically approved