Anatomization and Protection of Mobile Apps' Location Privacy Threats

Mobile users are becoming increasingly aware of the privacy threats resulting from apps' access to their location. Few of the solutions proposed thus far to mitigate these threats have been deployed, as they require either app or platform modifications. Mobile operating systems (OSes) also provide users with location access controls. In this paper, we analyze the efficacy of these controls in combating the location-privacy threats. For this analysis, we conducted the first location measurement campaign of its kind, analyzing more than 1000 free apps from Google Play and collecting detailed usage of location by more than 400 location-aware apps and 70 Advertisement and Analytics (A&A) libraries from more than 100 participants over a period ranging from 1 week to 1 year. Surprisingly, 70% of the apps and the A&A libraries pose considerable profiling threats even when they sporadically access the user's location. Existing OS controls are found ineffective and inefficient in mitigating these threats, thus calling for a finer-grained location access control. To meet this need, we propose LP-Doctor, a lightweight user-level tool that allows Android users to effectively utilize the OS's location access controls while maintaining the required app functionality, as our user study (with 227 participants) shows.
