senDroid: Auditing Sensor Access in Android System-wide
IEEE Transactions on Dependable and Secure Computing(2020)
摘要
Sensors are widely used in modern mobile devices (e.g., smartphones, watches) and may gather information, including photos, sounds and locations, from environments as well as about users. However, the powerful sensing abilities provide opportunities for attackers to steal both personal sensitive data and commercial secrets. Unfortunately, the current design only provides a coarse access control on sensors and does not have the capability to audit sensing. In this paper, we firstly leverage a hook-based track method, where the processes of applications and Android system will be hooked to track sensor accesses. Thus, sensing operations will be intercepted and audited according to predefined audit policies. We implement a prototype referred to as senDroid, which visually shows the quantitative usage of these sensors in real time at a performance overhead of [0.04--8.05]%. senDroid allows Android users to audit the applications in real time. Our empirical study on 1,489 popular apps shows that 26.32% apps access sensors when the apps are launched, and 11.01% apps access sensors while the apps run in the background. Our reverse-engineering shows that 77.27% apps access sensors via third-party libraries, but such access rarely appears in the appsu0027 descriptions, which calls for attention to sensor access to address the usersu0027 privacy concerns.
更多查看译文
关键词
Smart phones,Standards,Libraries,Graphics,Androids,Humanoid robots,Monitoring
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络