Tap-Wave-Rub: Lightweight Malware Prevention for Smartphones Using Intuitive Human Gestures

TL;DR

Tap-Wave-Rub (TWR) is a lightweight, gesture-based malware prevention method for smartphones that uses simple, intuitive gestures detected by sensors to determine application safety with minimal user burden.

Contribution

The paper introduces TWR, a novel gesture-based permission enforcement system for smartphones, including sensor mechanisms and an enhanced Android permission model.

Findings

High accuracy in gesture detection with low false positives/negatives

Effective malware prevention with minimal user burden

Prototype implementation demonstrating practicality

Abstract

In this paper, we introduce a lightweight permission enforcement approach - Tap-Wave-Rub (TWR) - for smartphone malware prevention. TWR is based on simple human gestures that are very quick and intuitive but less likely to be exhibited in users' daily activities. Presence or absence of such gestures, prior to accessing an application, can effectively inform the OS whether the access request is benign or malicious. Specifically, we present the design of two mechanisms: (1) accelerometer based phone tapping detection; and (2) proximity sensor based finger tapping, rubbing or hand waving detection. The first mechanism is geared for NFC applications, which usually require the user to tap her phone with another device. The second mechanism involves very simple gestures, i.e., tapping or rubbing a finger near the top of phone's screen or waving a hand close to the phone, and broadly appeals to many applications (e.g., SMS). In addition, we present the TWR-enhanced Android permission model, the prototypes implementing the underlying gesture recognition mechanisms, and a variety of novel experiments to evaluate these mechanisms. Our results suggest the proposed approach could be very effective for malware detection and prevention, with quite low false positives and false negatives, while imposing little to no additional burden on the users.