Characterizing Sensor Leaks in Android Apps

TL;DR

This paper introduces SEEKER, a static analysis tool that detects sensor-based privacy leaks in Android apps, addressing a gap in automated detection of such leaks and demonstrating effectiveness on thousands of real-world apps.

Contribution

The paper presents SEEKER, a novel static taint analysis tool extending FlowDroid to automatically identify sensor data leaks in Android applications.

Findings

SEEKER effectively detects sensor leaks in over 40,000 Android apps.

Malicious apps are more prone to leaking sensor data than benign apps.

SEEKER reports specific sensor types involved in privacy leaks.

Abstract

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, SEEKER, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. SEEKER conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that SEEKER is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.