Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Android Privacy C(R)ache: Reading your External Storageand Sensors for Fun and Profit
KTH, School of Electrical Engineering (EES), Communication Networks. (Networked Systems Security)ORCID iD: 0000-0003-2624-7522
KTH, School of Electrical Engineering (EES), Communication Networks. (Networked Systems Security)
KTH, School of Electrical Engineering (EES), Communication Networks. (Networked Systems Security)ORCID iD: 0000-0002-3267-5374
2015 (English)Report (Other (popular science, discussion, etc.))
Abstract [en]

Android's permission system empowers informed privacy decisions when installing third-party applications.  However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a ``curious'' application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking and but, possibly, ``curious'' applications.

Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2015. , 8 p.
Keyword [en]
Security, Privacy
National Category
Communication Systems
Research subject
Information and Communication Technology
Identifiers
URN: urn:nbn:se:kth:diva-178961OAI: oai:DiVA.org:kth-178961DiVA: diva2:878650
Note

QC 20160129

Available from: 2015-12-09 Created: 2015-12-09 Last updated: 2016-01-29Bibliographically approved
In thesis
1. Secure and Privacy Preserving Urban Sensing Systems
Open this publication in new window or tab >>Secure and Privacy Preserving Urban Sensing Systems
2016 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The emergence of resource-rich mobile devices and smart vehicles has paved the way for Urban Sensing. In this new paradigm, users, leveraging their sensing-capable devices, sense their environment and become part of an unprecedented large-scale network of sensors, with extensive spatial and temporal coverage, that enables the collection and dissemination of real-time information, potentially, from anywhere, about anything and at anytime. Urban sensing will facilitate the deployment of innovative applications aiming to address the ever-growing concerns for citizens' well-being by offering a better understanding of our activities and environment.

Nevertheless, the openness of such systems (ideally anyone can participate) and the richness of the data users contribute unavoidably raise significant concerns both about the security of urban sensing applications and the privacy of the participating users. More specifically, users participating in urban sensing applications are expected to contribute sensed data tagged, in many cases, with spatio-temporal information. Misusing such information could reveal sensitive user-specific attributes including their whereabouts, health condition, and habits and lead to extensive and unsolicited user profiling. At the same time, the participation of large numbers of users possessing sensing- capable devices is a double-edged sword: devices can be compromised or faulty or users can be adversarial seeking to manipulate urban sensing systems by submitting intelligently crafted faulty information.

This thesis considers security, resilience and privacy for urban sensing notably in two application domains: intelligent transportation systems and generic smartphone based crowd-sourced sensing applications. For these domains, we design, implement and evaluate provably secure and privacy-preserving solutions capable of protecting the users from the system (i.e., ensuring their privacy in the presence of untrustworthy infrastructure) and the system from malicious users (i.e., holding them accountable for possible system-offending actions)

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2016. 48 p.
Series
TRITA-EE, ISSN 1653-5146 ; 2016:014
National Category
Computer Systems
Research subject
Education and Communication in the Technological Sciences; Electrical Engineering
Identifiers
urn:nbn:se:kth:diva-181100 (URN)978-91-7595-860-6 (ISBN)
Public defence
2016-02-25, Horsal F3, Lindstedtsvägen 26, KTH, Stockholm, 13:00 (English)
Opponent
Supervisors
Note

QC 20160229

Available from: 2016-01-29 Created: 2016-01-28 Last updated: 2016-02-05Bibliographically approved

Open Access in DiVA

fulltext(963 kB)76 downloads
File information
File name FULLTEXT01.pdfFile size 963 kBChecksum SHA-512
e119d22be98b028ad80ff593eb8fb080d3dedf398692318b188063b3e8f31af6e1ae6d8f12e3d10d32b760514b057a1def201a98af9e5d6a81b806fb256fb3ab
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Gisdakis, StylianosGiannetsos, ThanassisPapadimitratos, Panos
By organisation
Communication Networks
Communication Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 76 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 315 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf