Xiaoyu Ji,Wenjun Zhu,Shilin Xiao,Wenyuan Xu

DOI: https://doi.org/10.1038/s44287-024-00073-2

2024-01-01

Abstract:Sensors are extensively used in the Internet of Things (IoT) applications, enhancing daily convenience but also raising concerns about privacy leakage. To address this, we advocate for protecting data privacy at the moment it is generated by sensors, rather than trying to secure it afterwards.

Weili Han,Chang Cao,Hao Chen,Dong Li,Zheran Fang,Wenyuan Xu,X. Sean Wang

DOI: https://doi.org/10.1109/tdsc.2017.2768536

2020-01-01

Abstract:Sensors are widely used in modern mobile devices (e.g., smartphones, watches) and may gather abundant information from environments as well as about users, e.g., photos, sounds and locations. The rich set of sensor data enables various applications (e.g., health monitoring) and personalized apps as well. However, the powerful sensing abilities provide opportunities for attackers to steal both personal sensitive data and commercial secrets like never before. Unfortunately, the current design of smart devices only provides a coarse access control on sensors and does not have the capability to audit sensing. We argue that knowing how often the sensors are accessed and how much sensor data are collected is the first-line defense against sensor data breach. Such an ability is yet to be designed. In this paper, we propose a framework that allows users to acquire sensor data usages. In particular, we leverage a hook-based track method to track sensor accesses. Thus, with no need to change the source codes of the Android system and applications, we can intercept sensing operations to graphic sensors, audio sensors, location sensors, and standard sensors, and audit them from four aspects: flow audit, frequency audit, duration audit and invoker audit. Then, we implement a prototype, referred to as senDroid, which visually shows the quantitative usages of these sensors in real time at a performance overhead of [0.04-8.05] percent. senDroid allows Android users to audit the applications even when they bypass the Android framework via JNI invocations or when the malicious codes are dynamically loaded from the server side. Our empirical study on 1,489 popular apps in three well-known Android app markets shows that 26.32 percent apps access sensors when the apps are launched, and 11.01 percent apps access sensors while the apps run in the background. Furthermore, we analyze the relevance between sensor usage patterns and third-party libraries, and reverse-engineering on suspicious third-party libraries shows that 77.27 percent apps access sensors via third-party libraries. Our results call attentions to address the users' privacy concerns caused by sensor access.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Shradha Neupane,Faiza Tazi,Upakar Paudel,Freddy Freddy Veloz Baez,Merzia Adamjee,Lorenzo De Carli,Sanchari Das,Indrakshi Ray

DOI: https://doi.org/10.2139/ssrn.4121997

2022-01-01

SSRN Electronic Journal

Abstract:Most Internet of Things (IoT) devices provide access through mobile companion apps to configure, update, and control the devices. In many cases, these apps handle all user data moving in and out of devices and cloud endpoints. Thus, they constitute a critical component in the IoT ecosystem from a privacy standpoint, but they have historically been understudied. In this paper, we perform a latitudinal study and analysis of a sample of 455 IoT companion apps to understand their privacy posture using various methods and evaluate whether apps follow best practices. Specifically, we focus on three aspects: data privacy, security, and risk. Our findings indicate: (i) apps may over-request permissions , particularly for tasks that are not related to their functioning; and (ii) there is widespread use of programming and configuration practices which may reduce security, with the concerning extreme of two apps transmitting credentials in unencrypted form.

Shuodi Hui,Zhenhua Wang,Xueshi Hou,Xiao Wang,Huandong Wang,Yong Li,Depeng Jin

DOI: https://doi.org/10.1109/jiot.2020.3038639

IF: 10.6

2021-05-01

IEEE Internet of Things Journal

Abstract:Privacy leakage of Internet of Things (IoT) has become a great challenge with the popularity of IoT services through mobile networks, such as smart homes, wearables, and healthcare. While previous work summarized general structures to analyze IoT privacy and provide case studies of specific devices or scenarios, it is still challenging to conduct a comprehensive and systematic quantification study of large-scale IoT privacy leakage in real world. To combine systematic analyses with real-world measurements, we provide a method to quantify IoT privacy leakage on a large-scale mobile network traffic data set containing 47651 IoT devices. We generate privacy fingerprints and attribute them to a privacy quantification framework. The framework is constructed based on the semantics of multiple privacy sensitive markers selected from the traffic along with the involved network entity types in IoT (i.e., user, device, and platform), and the fingerprints are generated from sensitive information extracted in the traffic via their markers. Our quantification shows that IoT users, devices, and platforms have considerable risks, respectively. Moreover, IoT devices have a larger scale of privacy leakage than users and platforms, and they perform different daily patterns on privacy leakage following their working conditions. In addition, we present three case studies on the leakage of location information, application calling, and voice service, which illustrate that a third party can profile a network entity in both cyberspace and physical space.

computer science, information systems,telecommunications,engineering, electrical & electronic

Leonardo Babun,Z. Berkay Celik,Patrick McDaniel,A. Selcuk Uluagac

DOI: https://doi.org/10.2478/popets-2021-0009

2020-11-09

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Abstract: Users trust IoT apps to control and automate their smart devices. These apps necessarily have access to sensitive data to implement their functionality. However, users lack visibility into how their sensitive data is used, and often blindly trust the app developers. In this paper, we present IoTWATcH, a dynamic analysis tool that uncovers the privacy risks of IoT apps in real-time. We have designed and built IoTWATcH through a comprehensive IoT privacy survey addressing the privacy needs of users. IoTWATCH operates in four phases: (a) it provides users with an interface to specify their privacy preferences at app install time, (b) it adds extra logic to an app’s source code to collect both IoT data and their recipients at runtime, (c) it uses Natural Language Processing (NLP) techniques to construct a model that classifies IoT app data into intuitive privacy labels, and (d) it informs the users when their preferences do not match the privacy labels, exposing sensitive data leaks to users. We implemented and evaluated IoTWATcH on real IoT applications. Specifically, we analyzed 540 IoT apps to train the NLP model and evaluate its effectiveness. IoTWATcH yields an average 94.25% accuracy in classifying IoT app data into privacy labels with only 105 ms additional latency to an app’s execution.

Shuai Li,Zhemin Yang,Yunteng Yang,Dingyi Liu,Min Yang

DOI: https://doi.org/10.1109/tifs.2024.3356197

IF: 7.231

2024-02-14

IEEE Transactions on Information Forensics and Security

Abstract:With the characteristics of free installation and rich functionalities, mobile mini-apps have become more and more popular in people's daily life. A large amount of sensitive personal data is thus involved in them and shared across users for providing various services, which raises great privacy concerns. However, few researchers have paid attention to the potential privacy risks that may exist when user data is shared across users in mobile mini-apps. In this paper, we introduce a novel privacy risk that is brought forward by cross-user personal data over-delivery (denoted as XPO) in mobile mini-apps. Such a discovered privacy risk is demonstrated to be able to cause serious leakage of diverse user data. To detect XPO risk, a dynamic and lightweight mini-app analysis framework – XPOScope is proposed. XPOScope is able to automatically identify XPO risk at a large scale. By applying it to 4,273 mini-apps hosted on three popular platforms, i.e., WeChat, Baidu and Alipay, XPOScope reported 71 vulnerable ones, with a precision of 92.21% and a recall of 80.68%. In addition to the mere exposure of diverse private user data, case studies performed show that XPO in mini-apps can further lead to impersonation attacks, the infringement of employees' privacy, economic loss and even the leakage of sensitive business secrets. The results call for the awareness and actions of mobile mini-app developers to secure cross-user personal data delivery. The code of this work is available at https://github.com/ppflower/XPOScope.

computer science, theory & methods,engineering, electrical & electronic

Qingsong Zou,Qing Li,Ruoyu Li,Yucheng Huang,Gareth Tyson,Jingyu Xiao,Yong Jiang

DOI: https://doi.org/10.1145/3580890

2023-01-01

Abstract:With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern.

Peifu Yang,Yuhong Nan,Lei Xue,Yuliang Zhang,Juan Zhai,Zibin Zheng

DOI: https://doi.org/10.1109/jiot.2024.3432778

2024-01-01

Abstract:The rapid advancement of intelligent connected vehicles (ICVs) in the automotive sector has significantly intensified security and privacy issues. Particularly, the previous studies have indicated that the ICV users (owners) are deeply concerned about the extensive data gathered by these vehicles. However, current research into vehicle security predominantly concentrates on the analysis and discussion of sensitive data from ICVs of specific brands or models. There is a notable lack of studies that conduct a comprehensive, large-scale investigation into the sensitive data collected by ICVs and assess the privacy implications of such data collection. In this article, we undertake an extensive investigation to comprehend the privacy risks associated with Internet-connected vehicles (ICVs) through their companion mobile apps. To accomplish this, we have devised a semi-automatic pipeline leveraging program analysis and large language model (LLM) to identify and track sensitive data across these apps. Specifically, we begin by constructing a detailed knowledge base of ICV sensitive data extracted from the privacy policies of companion apps. Subsequently, we conduct static analysis on the car companion apps, pinpointing instances of sensitive data usage within the app code and analysing their potential privacy risks. Our analysis, covering 401 car companion apps spanning 271 unique vehicle brands, unveils several noteworthy findings concerning the usage of user sensitive data in the ICV ecosystem. For instance, various entities within the ICV ecosystem collect a wide array of sensitive data, including brake status, passenger occupancy, and insurance details. Alarmingly, we discover that 37.91% of car companion apps fail to adequately disclose their data usage practices. Moreover, we observe extensive involvement of entities beyond vehicle manufacturers in the handling of vehicle sensitive data, including data analytics companies, charging service providers, and cloud service vendors.

Qingsong Zou,Qing Li,Ruoyu Li,Yucheng Huang,Gareth Tyson,Jingyu Xiao,Yong Jiang

DOI: https://doi.org/10.1145/3580890

2023-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern.

Shuai Li,Zhemin Yang,Nan Hua,Peng Liu,Xiaohan Zhang,Guangliang Yang,Min Yang

DOI: https://doi.org/10.1145/3548606.3559371

2022-01-01

Abstract:ABSTRACTRecent years have witnessed the interesting trend that modern mobile apps perform more and more likely as user-to-user platforms, where app users can be freely and conveniently connected. Upon these platforms, rich and diverse data is often delivered across users, which brings users great conveniences and plentiful services, but also introduces privacy security concerns. While prior work has primarily studied illegitimate personal data collection problems in mobile apps, few paid little attention to the security of this emerging user-to-user platform feature, thus providing a rather limited understanding of the privacy risks in this aspect. In this paper, we focus on the security of the user-to-user platform feature and shed light on its caused insufficiently-studied but critical privacy risk, which is brought forward by cross-user personal data over-delivery (denoted as XPO). For the first time, this paper reveals the landscape of such XPO risk in wild, along with prevalence and severity assessment. To achieve this, we design a novel automated risk detection framework, named XPOChecker, that leverages the advantages of machine learning and program analysis to extensively and precisely identify potential privacy risks during user-to-user connections, and regulate whether the delivered data is legitimate or not. By applying XPOChecker on 13,820 real-world popular Android apps, we find that XPO is prevalent in practice, with 1,902 apps (13.76%) being affected. In addition to the mere exposure of diverse private user data which causes serious and broad privacy infringement, we demonstrate that the XPO exploits can invalidate privacy preservation mechanisms, leak business secrets, and even restore the sensitive membership of victims which potentially poses personal safety threats. Furthermore, we also confirm the existence of XPO risks in iOS apps for the first time. Last, to help understand and prevent XPO, we have responsibly launched two notification campaigns to inform the developers of the affected apps, with the conclusion of five underlying lessons from developers' feedback. We hope our work can make up for the deficiency of the understandings of XPO, help developers avoid XPO, and motivate further researches.

Yuhong Nan,Zhemin Yang,Xiaofeng Wang,Yuan Zhang,Donglai Zhu,Min Yang

DOI: https://doi.org/10.14722/ndss.2018.23092

2018-01-01

Abstract:A long-standing challenge in analyzing information leaks within mobile apps is to automatically identify the code operating on sensitive data. With all existing solutions relying on System APIs (e.g., IMEI, GPS location) or features of user interfaces (UI), the content from app servers, like user’s Facebook profile, payment history, fall through the crack. Finding such content is important given the fact that most apps today are web applications, whose critical data are often on the server side. In the meantime, operations on the data within mobile apps are often hard to capture, since all server-side information is delivered to the app in the same way, sensitive or not. A unique observation of our research is that in modern apps, a program is essentially a semantics-rich documentation carrying meaningful program elements such as method names, variables and constants that reveal the sensitive data involved, even when the program is under moderate obfuscation. Leveraging this observation, we develop a novel semantics-driven solution for automatic discovery of sensitive user data, including those from the server side. Our approach utilizes natural language processing (NLP) to automatically locate the program elements (variables, methods, etc.) of interest, and then performs a learning-based program structure analysis to accurately identify those indeed carrying sensitive content. Using this new technique, we analyzed 445,668 popular apps, an unprecedented scale for this type of research. Our work brings to light the pervasiveness of information leaks, and the channels through which the leaks happen, including unintentional over-sharing across libraries and aggressive data acquisition behaviors. Further we found that many high-profile apps and libraries are involved in such leaks. Our findings contribute to a better understanding of the privacy risk in mobile apps and also highlight the importance of data protection in today’s software composition.

Kai-Chih Chang,Haoran Niu,Brian Kim,Suzanne Barber

DOI: https://doi.org/10.3390/e26070561

2024-06-29

Abstract:A user's devices such as their phone and computer are constantly bombarded by IoT devices and associated applications seeking connection to the user's devices. These IoT devices may or may not seek explicit user consent, thus leaving the users completely unaware the IoT device is collecting, using, and/or sharing their personal data or, only marginal informed, if the user consented to the connecting IoT device but did not read the associated privacy policies. Privacy policies are intended to inform users of what personally identifiable information (PII) data will be collected about them and the policies about how those PII data will be used and shared. This paper presents novel tools and the underlying algorithms employed by the Personal Privacy Assistant app (UTCID PPA) developed by the University of Texas at Austin Center for Identity to inform users of IoT devices seeking to connect to their devices and to notify those users of potential privacy risks posed by the respective IoT device. The assessment of these privacy risks must deal with the uncertainty associated with sharing the user's personal data. If privacy risk (R) equals the consequences (C) of an incident (i.e., personal data exposure) multiplied by the probability (P) of those consequences occurring (C × P), then efforts to control risks must seek to reduce the possible consequences of an incident as well as reduce the uncertainty of the incident and its consequences occurring. This research classifies risk according to two parameters: expected value of the incident's consequences and uncertainty (entropy) of those consequences. This research calculates the entropy of the privacy incident consequences by evaluating: (1) the data sharing policies governing the IoT resource and (2) the type of personal data exposed. The data sharing policies of an IoT resource are scored by the UTCID PrivacyCheck™, which uses machine learning to read and score the IoT resource privacy policies against metrics set forth by best practices and international regulations. The UTCID Identity Ecosystem uses empirical identity theft and fraud cases to assess the entropy of privacy incident consequences involving a specific type of personal data, such as name, address, Social Security number, fingerprint, and user location. By understanding the entropy of a privacy incident posed by a given IoT resource seeking to connect to a user's device, UTCID PPA offers actionable recommendations enhancing the user's control over IoT connections, interactions, their personal data, and, ultimately, user-centric privacy control.

Peiyu Liu,Shouling Ji,Lirong Fu,Kangjie Lu,Xuhong Zhang,Jingchang Qin,Wenhai Wang,Wenzhi Chen

DOI: https://doi.org/10.1109/sp46215.2023.10179294

2023-01-01

Abstract:With the rapid technology evolution of the Internet of Things (IoT) and increasing user needs, IoT device re-using becomes more and more common nowadays. For instance, more than 300,000 used IoT devices are selling on Craigslist. During IoT re-using, sensitive data such as credentials and biometrics residing in these devices may face the risk of leakage if a user fails properly dispose of the data. Thus, a critical security concern is raised: do (or can) users properly dispose of the sensitive data in used IoT? To the best of our knowledge, it is still an unexplored problem that desires a systematic study.In this paper, we perform the first in-depth investigation on the user-data disposal of used IoT devices. Our investigation integrates multiple research methods to explore the status quo and the root causes of the user-data leakages with used IoT devices. First, we conduct a user study to investigate the user awareness and understanding of data disposal. Then, we conduct a large-scale analysis on 4,749 IoT firmware images to investigate user-data collection. Finally, we conduct a comprehensive empirical evaluation on 33 IoT devices to investigate the effectiveness of existing data disposal methods.Through the systematical investigation, we discover that IoT devices collect more sensitive data than users expect. Specifically, we detect 121,984 sensitive data collections in the tested firmware. Moreover, users usually do not or even cannot properly dispose of the sensitive data. Worse, due to the inherent characteristics of storage chips, 13.2% of the investigated firmware perform "shallow" deletion, which may allow adversaries to obtain sensitive data after data disposal. Given the large-scale IoT re-using, such leakage would cause a broad impact. We have reported our findings to world-leading companies. We hope our findings raise awareness of the failures of user-data disposal with IoT devices and promote the protection of users’ sensitive data in IoT devices.

Danny Yuxing Huang,Noah Apthorpe,Gunes Acar,Frank Li,Nick Feamster

DOI: https://doi.org/10.1145/3397333

2019-09-21

Abstract:The proliferation of smart home devices has created new opportunities for empirical research in ubiquitous computing, ranging from security and privacy to personal health. Yet, data from smart home deployments are hard to come by, and existing empirical studies of smart home devices typically involve only a small number of devices in lab settings. To contribute to data-driven smart home research, we crowdsource the largest known dataset of labeled network traffic from smart home devices from within real-world home networks. To do so, we developed and released IoT Inspector, an open-source tool that allows users to observe the traffic from smart home devices on their own home networks. Since April 2019, 4,322 users have installed IoT Inspector, allowing us to collect labeled network traffic from 44,956 smart home devices across 13 categories and 53 vendors. We demonstrate how this data enables new research into smart homes through two case studies focused on security and privacy. First, we find that many device vendors use outdated TLS versions and advertise weak ciphers. Second, we discover about 350 distinct third-party advertiser and tracking domains on smart TVs. We also highlight other research areas, such as network management and healthcare, that can take advantage of IoT Inspector's dataset. To facilitate future reproducible research in smart homes, we will release the IoT Inspector data to the public.

Cryptography and Security

Davino Mauro Junior,Luis Melo,Harvey Lu,Marcelo d'Amorim,Atul Prakash

DOI: https://doi.org/10.48550/arXiv.1901.10062

2019-01-29

Abstract:Internet of Things (IoT) devices are becoming increasingly important. These devices are often resource-limited, hindering rigorous enforcement of security policies. Assessing the vulnerability of IoT devices is an important problem, but analyzing their firmware is difficult for a variety of reasons, including requiring the purchase of devices. This paper finds that analyzing companion apps to these devices for clues to security vulnerabilities can be an effective strategy. Compared to device hardware and firmware, these apps are easy to download and analyze. A key finding of this study is that the communication between an IoT device and its app is often not properly encrypted and authenticated and these issues enable the construction of exploits to remotely control the devices. To confirm the vulnerabilities found, we created exploits against five popular IoT devices from Amazon by using a combination of static and dynamic analyses. We also did a larger study, finding that analyzing 96 popular IoT devices only required analyzing 32 companion apps. Among the conservative findings, 50% of the apps corresponding to 38% of the devices did not use proper encryption techniques to secure device to companion app communication. Finally, we discuss defense strategies that developers can adapt to address the lessons from our work.

Cryptography and Security,Software Engineering

Nan Zhang,Soteris Demetriou,Xianghang Mi,Wenrui Diao,Kan Yuan,Peiyuan Zong,Feng Qian,XiaoFeng Wang,Kai Chen,Yuan Tian,Carl A. Gunter,Kehuan Zhang,Patrick Tague,Yue-Hsun Lin

DOI: https://doi.org/10.48550/arXiv.1703.09809

2017-03-29

Abstract:Inspired by the boom of the consumer IoT market, many device manufacturers, start-up companies and technology giants have jumped into the space. Unfortunately, the exciting utility and rapid marketization of IoT, come at the expense of privacy and security. Industry reports and academic work have revealed many attacks on IoT systems, resulting in privacy leakage, property loss and large-scale availability problems. To mitigate such threats, a few solutions have been proposed. However, it is still less clear what are the impacts they can have on the IoT ecosystem. In this work, we aim to perform a comprehensive study on reported attacks and defenses in the realm of IoT aiming to find out what we know, where the current studies fall short and how to move forward. To this end, we first build a toolkit that searches through massive amount of online data using semantic analysis to identify over 3000 IoT-related articles. Further, by clustering such collected data using machine learning technologies, we are able to compare academic views with the findings from industry and other sources, in an attempt to understand the gaps between them, the trend of the IoT security risks and new problems that need further attention. We systemize this process, by proposing a taxonomy for the IoT ecosystem and organizing IoT security into five problem areas. We use this taxonomy as a beacon to assess each IoT work across a number of properties we define. Our assessment reveals that relevant security and privacy problems are far from solved. We discuss how each proposed solution can be applied to a problem area and highlight their strengths, assumptions and constraints. We stress the need for a security framework for IoT vendors and discuss the trend of shifting security liability to external or centralized entities. We also identify open research problems and provide suggestions towards a secure IoT ecosystem.

Cryptography and Security

Evita Bakopoulou,Anastasia Shuba,Athina Markopoulou

DOI: https://doi.org/10.48550/arXiv.2008.08973

2020-08-19

Cryptography and Security

Abstract:Mobile devices have access to personal, potentially sensitive data, and there is a large number of mobile applications and third-party libraries that transmit this information over the network to remote servers (including app developer servers and third party servers). In this paper, we are interested in better understanding of not just the extent of personally identifiable information (PII) exposure, but also its context i.e., functionality of the app, destination server, encryption used, etc.) and the risk perceived by mobile users today. To that end we take two steps. First, we perform a measurement study: we collect a new dataset via manual and automatic testing and capture the exposure of 16 PII types from 400 most popular Android apps. We analyze these exposures and provide insights into the extent and patterns of mobile apps sharing PII, which can be later used for prediction and prevention. Second, we perform a user study with 220 participants on Amazon Mechanical Turk: we summarize the results of the measurement study in categories, present them in a realistic context, and assess users' understanding, concern, and willingness to take action. To the best of our knowledge, our user study is the first to collect and analyze user input in such fine granularity and on actual (not just potential or permitted) privacy exposures on mobile devices. Although many users did not initially understand the full implications of their PII being exposed, after being better informed through the study, they became appreciative and interested in better privacy practices.

Jiangrong Wu,Yuhong Nan,Luyi Xing,Jiatao Cheng,Zimin Lin,Zibin Zheng,Min Yang

DOI: https://doi.org/10.14722/ndss.2024.24138

2024-01-01

Abstract:Cross-app content sharing is one of the prominent features widely used in mobile apps.For example, a short video from one app can be shared to another (e.g., a messaging app) and further viewed by other users.In many cases, such Crossapp content sharing activities could have privacy implications for both the sharer and sharee, such as exposing app users' personal interests.In this paper, we provide the first in-depth study on the privacy implications of Cross-app content sharing (as we call Cracs) activities in the mobile ecosystem.Our research showed that during the sharing process, the adversary can not only track and infer user interests as traditional web trackers but also cause other severe privacy implications to app users.More specifically, due to multiple privacy-intrusive designs and implementations of Cracs, an adversary can easily reveal a user's social relations to an outside party, or unnecessarily expose user identities and her associated personal data (e.g., user accounts in another app).Such privacy implications are indeed a concern for app users, as confirmed by a user study we have performed with 300 participants.To further evaluate the impact of our identified privacy implications at large, we have designed an automatic pipeline named Shark, combined with static analysis and dynamic analysis to effectively identify whether a given app introduces unnecessary data exposure in Cracs.We analyzed 300 top downloaded apps collected from app stores in both the US and China.The analysis results showed that over 55% of the apps from China and 10% from the US are indeed problematic.

Shenao Wang,Yuekang Li,Kailong Wang,Yi Liu,Hui Li,Yang Liu,Haoyu Wang

2024-01-16

Abstract:The advent of MiniApps, operating within larger SuperApps, has revolutionized user experiences by offering a wide range of services without the need for individual app downloads. However, this convenience has raised significant privacy concerns, as these MiniApps often require access to sensitive data, potentially leading to privacy violations. Our research addresses the critical gaps in the analysis of MiniApps' privacy practices, especially focusing on WeChat MiniApps in the Android ecosystem. Despite existing privacy regulations and platform guidelines, there is a lack of effective mechanisms to safeguard user privacy fully. We introduce MiniScope, a novel two-phase hybrid analysis approach, specifically designed for the MiniApp environment. This approach overcomes the limitations of existing static analysis techniques by incorporating dynamic UI exploration for complete code coverage and accurate privacy practice identification. Our methodology includes modeling UI transition states, resolving cross-package callback control flows, and automated iterative UI exploration. This allows for a comprehensive understanding of MiniApps' privacy practices, addressing the unique challenges of sub-package loading and event-driven callbacks. Our empirical evaluation of over 120K MiniApps using MiniScope demonstrates its effectiveness in identifying privacy inconsistencies. The results reveal significant issues, with 5.7% of MiniApps over-collecting private data and 33.4% overclaiming data collection. These findings emphasize the urgent need for more precise privacy monitoring systems and highlight the responsibility of SuperApp operators to enforce stricter privacy measures.

Cryptography and Security,Software Engineering