论文信息 - I Know Where You All Are! Exploiting Mobile Social Apps for Large-Scale Location Privacy Probing

I Know Where You All Are! Exploiting Mobile Social Apps for Large-Scale Location Privacy Probing

Mobile social apps have been changing the way people interact with each other in the physical world. To help people extend their social networks, Location-Based Social Network LBSN apps e.g., Wechat, SayHi, Momo that encourage people to make friends with nearby strangers have gained their popularity recently. They provide a "Nearby" feature for a user to find other users near him/her. While seeing other users, the user, as well as his/her coarse-grained relative location, will also be visible in the "Nearby" feature of other users. Leveraging this observation, in this paper, we model the location probing attacks, and propose three approaches to perform large-scale such attacks on LBSN apps. Moreover, we apply the new approaches in the risk assessment of eight popular LBSN apps, each of which has millions of installation. The results demonstrate the severity of such attacks. More precisely, our approaches can collect a huge volume of users' location information effectively and automatically, which can be exploited to invade users' privacy. This study sheds light on the research of protecting users' private location information.

[1] Agusti Solanas,et al. Analysis of Privacy and Security Exposure in Mobile Dating Applications , 2015, MSPN.

[2] Yu Zheng,et al. Tutorial on Location-Based Social Networks , 2012 .

[3] Haojin Zhu,et al. All your location are belong to us: breaking mobile social networks for automated user location tracking , 2013, MobiHoc '14.

[4] Jean-François Lalande,et al. Repackaging Android Applications for Auditing Access to Private Data , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[5] Guoliang Xue,et al. Checking in without worries: Location privacy in location based social networks , 2013, 2013 Proceedings IEEE INFOCOM.

[6] Clemente Izurieta,et al. Comparison of JSON and XML Data Interchange Formats: A Case Study , 2009, CAINE.

[7] Radu Sion,et al. Private Badges for Geosocial Networks , 2014, IEEE Transactions on Mobile Computing.

[8] Bernd Freisleben,et al. Why eve and mallory love android: an analysis of android SSL (in)security , 2012, CCS.

[9] Jure Leskovec,et al. Friendship and mobility: user movement in location-based social networks , 2011, KDD.

[10] Kyumin Lee,et al. Exploring Millions of Footprints in Location Sharing Services , 2011, ICWSM.

[11] Chris Palmer,et al. Public Key Pinning Extension for HTTP , 2015, RFC.

[12] Rick Rogers,et al. Android Application Development - Programming with the Google SDK , 2009 .