ARMOUR US: Android Runtime Zero-permission Sensor Usage Monitoring from User Space

TL;DR

This paper presents ARMOUR, a user-space runtime monitoring tool for Android that detects zero-permission sensor access, helping users and researchers identify potential privacy violations without requiring rooting or complex analysis.

Contribution

ARMOUR enables effective, app-agnostic monitoring of zero-permission sensor usage from user space, addressing limitations of static and hooking-based dynamic analysis methods.

Findings

ARMOUR detects sensor usage even in obfuscated code.

50% of apps from sensor-independent categories access multiple zero-permission sensors.

ARMOUR effectively identifies sensor abuse patterns.

Abstract

This work investigates how to monitor access to Android zero-permission sensors which could cause privacy leakage to users. Moreover, monitoring such sensitive access allows security researchers to characterize potential sensor abuse patterns. Zero-permission sensors such as accelerometers have become an indispensable part of Android devices. The critical information they provide has attracted extensive research investigating how data collectors could capture more sensor data to enable both benign and exploitative applications. In contrast, little work has explored how to enable data providers, such as end users, to understand sensor usage. While existing methods such as static analysis and hooking-based dynamic analysis face challenges of requiring complicated development chains, rooting privilege, and app-specific reverse engineering analysis, our work aims to bridge this gap by developing ARMOUR for user-space runtime monitoring, leveraging the intrinsic sampling rate variation and convergence behaviors of Android. ARMOUR enables privacy-aware users to easily monitor how third-party apps use sensor data and support security researchers to perform rapid app-agnostic sensor access analysis. Our evaluation with 1,448 commercial applications shows the effectiveness of ARMOUR in detecting sensor usage in obfuscated code and other conditions, and observes salient sensor abuse patterns such as 50% of apps from seemingly sensor-independent categories accessing data of multiple zero-permission sensors. We analyze the impact of Android's recent policy changes on zero-permission sensors and remaining technical and regulatory problems.