Privacy Protection for Perceptual Applications on Smartphones

Today's smartphones are equipped with various embedded motion sensors, such as accelerometer, gyroscope, and orientation sensors. Perceptual applications perceive the environment of mobile users via sensors. However, malicious applications may use these sensors to steal user's privacy, and attackers can use sensors as side channel data to infer user's inputs. Existing solutions suffer from limited sensors and overhead problems. In this paper we present Perceptual Assistant (PA), a practical privacy protection system for all the sensors and untrusted perceptual applications. PA allows users to customize the sensor policy of third-party applications, and prevent malicious application from accessing sensors at runtime. We evaluate PA with several typical perceptual applications that perform diverse tasks. PA system shows both practical and lightweight: it can protect user's privacy efficiently while maintaining reasonable overhead.

[1]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[2]  Ross J. Anderson,et al.  PIN skimmer: inferring PINs through the camera and microphone , 2013, SPSM '13.

[3]  Vitaly Shmatikov,et al.  A Scanner Darkly: Protecting User Privacy from Perceptual Applications , 2013, 2013 IEEE Symposium on Security and Privacy.

[4]  Fan Zhang,et al.  Stealthy video capturer: a new video-based spyware in 3G smartphones , 2009, WiSec '09.

[5]  Alexander Varshavsky,et al.  Enabling Secure and Spontaneous Communication between Mobile Devices using Common Radio Environment , 2007 .

[6]  Dowon Hong,et al.  Signcryption with fast online signing and short signcryptext for secure and private mobile communication , 2012, Science China Information Sciences.

[7]  Lujo Bauer,et al.  User-Controllable Security and Privacy for Pervasive Computing , 2007 .

[8]  Johannes Peltola,et al.  Activity classification using realistic data from wearable sensors , 2006, IEEE Transactions on Information Technology in Biomedicine.

[9]  Mani B. Srivastava,et al.  ipShield: A Framework For Enforcing Context-Aware Privacy , 2014, NSDI.

[10]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[11]  Alex Olwal,et al.  LightSense: enabling spatially aware handheld interaction devices , 2006, 2006 IEEE/ACM International Symposium on Mixed and Augmented Reality.

[12]  Sethuraman Panchanathan,et al.  Analysis of low resolution accelerometer data for continuous human activity recognition , 2008, 2008 IEEE International Conference on Acoustics, Speech and Signal Processing.

[13]  Malcolm Hall,et al.  ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing , 2013, MobiSys '13.

[14]  Hao Chen,et al.  Defending against sensor-sniffing attacks on mobile phones , 2009, MobiHeld '09.

[15]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[16]  Guobin Shen,et al.  BeepBeep: a high accuracy acoustic ranging system using COTS mobile devices , 2007, SenSys '07.

[17]  Mirco Musolesi,et al.  Sensing meets mobile social networks: the design, implementation and evaluation of the CenceMe application , 2008, SenSys '08.

[18]  Yuan Zhang,et al.  AppIntent: analyzing sensitive data transmission in android for privacy leakage detection , 2013, CCS.