Contributions to Proceedings:

E. Pan, J. Ren, M. Lindorfer, C. Wilson, D. Choffnes:
"Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications";
in: "Privacy Enhancing Technologies Symposium (PETS)", DeGruyter, 4, 2018, 33 - 50.



English abstract:
The high-fidelity sensors and ubiquitous internet connectivity offered by mobile devices have facilitated an explosion in mobile apps that rely on multi-media features. However, these sensors can also be used in ways that may violate user's expectations and personal privacy. For example, apps have been caught taking pictures without the user's knowledge and passively listened for inaudible, ultrasonic audio beacons. The developers of mobile device operating systems recognize that sensor data is sensitive, but unfortunately existing permission models only mitigate some of the privacy concerns surrounding multimedia data.
In this work, we present the first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, AppChina, Mi.com, and Anzhi. We study the behavior of these apps using a combination of static and dynamic analysis techniques. Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.

Keywords:
privacy; mobile devices; audio, video, and image leaks


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1515/popets-2018-0030

Electronic version of the publication:
https://publik.tuwien.ac.at/files/publik_278928.pdf