TY - JOUR
T1 - Discovering and understanding android sensor usage behaviors with data flow analysis
AU - Liu, Xing
AU - Liu, Jiqiang
AU - Wang, Wei
AU - He, Yongzhong
AU - Zhang, Xiangliang
N1 - KAUST Repository Item: Exported on 2020-10-01
Acknowledgements: The work reported in this paper is partially supported by the Fundamental Research funds for the central Universities of China (No. K15JB00190), Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010), the Scientific Research Foundation for the Returned Overseas Chinese Scholars, State Education Ministry (No. K14C300020), and in part by the 111 Project (B14005).
PY - 2017/3/20
Y1 - 2017/3/20
N2 - Today’s Android-powered smartphones have various embedded sensors that measure the acceleration, orientation, light and other environmental conditions. Many functions in the third-party applications (apps) need to use these sensors. However, embedded sensors may lead to security issues, as the third-party apps can read data from these sensors without claiming any permissions. It has been proven that embedded sensors can be exploited by well designed malicious apps, resulting in leaking users’ privacy. In this work, we are motivated to provide an overview of sensor usage patterns in current apps by investigating what, why and how embedded sensors are used in the apps collected from both a Chinese app. market called “AppChina” and the official market called “Google Play”. To fulfill this goal, We develop a tool called “SDFDroid” to identify the used sensors’ types and to generate the sensor data propagation graphs in each app. We then cluster the apps to find out their sensor usage patterns based on their sensor data propagation graphs. We apply our method on 22,010 apps collected from AppChina and 7,601 apps from Google Play. Extensive experiments are conducted and the experimental results show that most apps implement their sensor related functions by using the third-party libraries. We further study the sensor usage behaviors in the third-party libraries. Our results show that the accelerometer is the most frequently used sensor. Though many third-party libraries use no more than four types of sensors, there are still some third-party libraries registering all the types of sensors recklessly. These results call for more attentions on better regulating the sensor usage in Android apps.
AB - Today’s Android-powered smartphones have various embedded sensors that measure the acceleration, orientation, light and other environmental conditions. Many functions in the third-party applications (apps) need to use these sensors. However, embedded sensors may lead to security issues, as the third-party apps can read data from these sensors without claiming any permissions. It has been proven that embedded sensors can be exploited by well designed malicious apps, resulting in leaking users’ privacy. In this work, we are motivated to provide an overview of sensor usage patterns in current apps by investigating what, why and how embedded sensors are used in the apps collected from both a Chinese app. market called “AppChina” and the official market called “Google Play”. To fulfill this goal, We develop a tool called “SDFDroid” to identify the used sensors’ types and to generate the sensor data propagation graphs in each app. We then cluster the apps to find out their sensor usage patterns based on their sensor data propagation graphs. We apply our method on 22,010 apps collected from AppChina and 7,601 apps from Google Play. Extensive experiments are conducted and the experimental results show that most apps implement their sensor related functions by using the third-party libraries. We further study the sensor usage behaviors in the third-party libraries. Our results show that the accelerometer is the most frequently used sensor. Though many third-party libraries use no more than four types of sensors, there are still some third-party libraries registering all the types of sensors recklessly. These results call for more attentions on better regulating the sensor usage in Android apps.
UR - http://hdl.handle.net/10754/623822
UR - http://lthlibprod.kaust.edu.sa/publications/forms/processNewItems.php
UR - http://www.scopus.com/inward/record.url?scp=85015638536&partnerID=8YFLogxK
U2 - 10.1007/s11280-017-0446-0
DO - 10.1007/s11280-017-0446-0
M3 - Article
SN - 1386-145X
VL - 21
SP - 105
EP - 126
JO - World Wide Web
JF - World Wide Web
IS - 1
ER -