Sensor Guardian: prevent privacy inference on Android sensors

Xiaolong Bai; Jie Yin; Yu Ping Wang

doi:10.1186/s13635-017-0061-8

Sensor Guardian: prevent privacy inference on Android sensors

Xiaolong Bai^*, Jie Yin, Yu Ping Wang

^*Corresponding author for this work

Tsinghua University

Research output: Contribution to journal › Article › peer-review

14 Citations (Scopus)

Abstract

Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications’ access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.

Original language	English
Article number	10
Journal	Eurasip Journal on Information Security
Volume	2017
Issue number	1
DOIs	https://doi.org/10.1186/s13635-017-0061-8
Publication status	Published - 1 Dec 2017
Externally published	Yes

Keywords

Android
Instrumentation
Privacy
Protection
Sensor

Access to Document

10.1186/s13635-017-0061-8

Cite this

@article{79195fba33b34ca281889fde3ae1f31b,

title = "Sensor Guardian: prevent privacy inference on Android sensors",

abstract = "Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user{\textquoteright}s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications{\textquoteright} access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.",

keywords = "Android, Instrumentation, Privacy, Protection, Sensor",

author = "Xiaolong Bai and Jie Yin and Wang, {Yu Ping}",

note = "Publisher Copyright: {\textcopyright} 2017, The Author(s).",

year = "2017",

month = dec,

day = "1",

doi = "10.1186/s13635-017-0061-8",

language = "English",

volume = "2017",

journal = "Eurasip Journal on Information Security",

issn = "1687-4161",

publisher = "Springer Science and Business Media Deutschland GmbH",

number = "1",

}

TY - JOUR

T1 - Sensor Guardian

T2 - prevent privacy inference on Android sensors

AU - Bai, Xiaolong

AU - Yin, Jie

AU - Wang, Yu Ping

PY - 2017/12/1

Y1 - 2017/12/1

N2 - Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications’ access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.

AB - Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications’ access to sensors. Sensor Guardian inserts hooks into applications by statically instrumenting their APK (short for Android Package Kit) files and enforces control policies in these hooks at runtime. Our evaluation shows that Sensor Guardian can effectively and efficiently mitigate the privacy inference threat on Android sensors, with negligible overhead during both static instrumentation and runtime control.

KW - Android

KW - Instrumentation

KW - Privacy

KW - Protection

KW - Sensor

UR - http://www.scopus.com/inward/record.url?scp=85020690656&partnerID=8YFLogxK

U2 - 10.1186/s13635-017-0061-8

DO - 10.1186/s13635-017-0061-8

M3 - Article

AN - SCOPUS:85020690656

SN - 1687-4161

VL - 2017

JO - Eurasip Journal on Information Security

JF - Eurasip Journal on Information Security

IS - 1

M1 - 10

ER -

Sensor Guardian: prevent privacy inference on Android sensors

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this