Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications

Open access

Abstract

The high-fidelity sensors and ubiquitous internet connectivity offered by mobile devices have facilitated an explosion in mobile apps that rely on multimedia features. However, these sensors can also be used in ways that may violate user’s expectations and personal privacy. For example, apps have been caught taking pictures without the user’s knowledge and passively listened for inaudible, ultrasonic audio beacons. The developers of mobile device operating systems recognize that sensor data is sensitive, but unfortunately existing permission models only mitigate some of the privacy concerns surrounding multimedia data.

In this work, we present the first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, AppChina, Mi.com, and Anzhi. We study the behavior of these apps using a combination of static and dynamic analysis techniques. Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Apache Thrift. https://thrift.apache.org/.

  • [2] Appsee Mobile App Analytics. https://www.appsee.com/.

  • [3] Appsee Tutorials: Protecting Users’ Privacy. https://www.appsee.com/tutorials/privacy. (last accessed 06/14/2018).

  • [4] Autopsy. https://www.sleuthkit.org/autopsy/.

  • [5] CalOPPA Chapter 22: Internet Privacy Requirements. https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=BPC&division=8.&title=&part=&chapter=22.&article=.

  • [6] dex-method-list. https://github.com/JakeWharton/dexmethod-list.

  • [7] FaceApp Privacy Policy. http://archive.today/2018.06.14-232005/https://www.faceapp.com/privacy. (last accessed 06/14/2018).

  • [8] Fair Information Practice Principles (FIPPS). https://www.dhs.gov/sites/default/files/publications/consolidated-powerpoint-final.pdf.

  • [9] Foremost. http://foremost.sourceforge.net/.

  • [10] Fotoable Privacy Policy. http://archive.today/2018.06.14-230916/https://www.fotoable.com/privacy.html. (last accessed 06/14/2018).

  • [11] General Data Protection Regulation (GDPR). https://eurlex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN.

  • [12] GoPuff Privacy Agreement. https://gopuff.com/privacyagreement. (last accessed 06/14/2018).

  • [13] JustTrustMe. https://github.com/Fuzion24/JustTrustMe.

  • [14] LaZy_NT. https://pypi.python.org/pypi/LaZy_NT.

  • [15] Mediaextract. https://github.com/panzi/mediaextract.

  • [16] Mitmproxy. https://mitmproxy.org/.

  • [17] My.com Terms of Use. http://archive.today/2018.06.14-231903/https://legal.my.com/us/games/tou/. (last accessed 06/14/2018).

  • [18] PhotoRec. https://www.cgsecurity.org/wiki/PhotoRec.

  • [19] Picas.tech Privacy Policy. http://archive.today/2018.06.14-231220/https://www.picas.tech/privacyandroid.php. (last accessed 06/14/2018).

  • [20] PIL. https://pypi.python.org/pypi/PIL.

  • [21] Prisma Privacy Policy. http://archive.today/2018.06.14-232142/http://prisma-ai.com/privacy.html. (last accessed 06/14/2018).

  • [22] Protocol Buffers. https://developers.google.com/protocol-buffers/.

  • [23] Scalpel. https://github.com/sleuthkit/scalpel.

  • [24] tcpxtract. http://tcpxtract.sourceforge.net/.

  • [25] TestFairy Mobile Testing Platform. https://www.testfairy.com/.

  • [26] UI/Application Exerciser Monkey. https://developer.android.com/tools/help/monkey.html.

  • [27] Kevin Allix Tegawendé F. Bissyandé Jacques Klein and Yves Le Traon. AndroZoo: Collecting Millions of Android Apps for the Research Community. In Proc. of the International Conference on Mining Software Repositories (MSR) 2016.

  • [28] Daniel Arp Erwin Quiring Christian Wressnegger and Konrad Rieck. Privacy Threats through Ultrasonic Side Channels on Mobile Devices. In Proc. of the IEEE European Symposium on Security and Privacy (EuroS&P) 2017.

  • [29] Steven Arzt Siegfried Rasthofer Christian Fritz Eric Bodden Alexandre Bartel Jacques Klein Yves Le Traon Damien Octeau and Patrick McDaniel. FlowDroid: Precise Context Flow Field Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. In Proc. of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) 2014.

  • [30] Michael Backes Sven Bugiel and Erik Derr. Reliable Third-Party Library Detection in Android and its Security Applications. In Proc. of the ACM Conference on Computer and Communications Security (CCS) 2016.

  • [31] Rebecca Balebako Jaeyeon Jung Wei Lu Lorrie Faith Cranor and Carolyn Nguyen. “Little Brothers Watching You:” Raising Awareness of Data Leaks on Smartphones. In Proc. of the Symposium on Usable Privacy and Security (SOUPS) 2013.

  • [32] Theodore Book Adam Pridgen and Dan S. Wallach. Longitudinal Analysis of Android Ad Library Permissions. In Proc. of the IEEE Mobile Security Technologies Workshop (MoST) 2013.

  • [33] Theodore Book and Dan S. Wallach. A Case of Collusion: A Study of the Interface Between Ad Libraries and Their Apps. In Proc. of the ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2013.

  • [34] Justin Brookman Phoebe Rouge Aaron Alva and Christina Yeung. Cross-Device Tracking: Measurement and Disclosures. In Proc. of the Privacy Enhancing Technologies Symposium (PETS) 2017.

  • [35] Paolo Calciati and Alessandra Gorla. How do Apps Evolve in Their Permission Requests? A Preliminary Study. In Proc. of the International Conference on Mining Software Repositories (MSR) 2017.

  • [36] Yinzhi Cao Yanick Fratantonio Antonio Bianchi Manuel Egele Christopher Kruegel Giovanni Vigna and Yan Chen. EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework. In Proc. of the Network and Distributed System Security Symposium (NDSS) 2015.

  • [37] Patrick Carter Collin Mulliner Martina Lindorfer William Robertson and Engin Kirda. CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Proc. of the International Conference on Financial Cryptography and Data Security (FC) 2016.

  • [38] Terence Chen Imdad Ullah Mohamed Ali Kaafar and Roksana Boreli. Information Leakage through Mobile Analytics Services. In Proc. of the ACM Workshop on Mobile Computing Systems and Applications (HotMobile) 2014.

  • [39] Shauvik Roy Choudhary Alessandra Gorla and Alessandro Orso. Automated Test Input Generation for Android: Are We There Yet? In Proc. of the IEEE/ACM International Conference on Automated Software Engineering (ASE) 2015.

  • [40] Andrea Continella Yanick Fratantonio Martina Lindorfer Alessandro Puccetti Ali Zand Christopher Kruegel and Giovanni Vigna. Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis. In Proc. of the Network and Distributed System Security Symposium (NDSS) 2017.

  • [41] Shuaifu Dai Alok Tongaonkar Xiaoyin Wang Antonio Nucci and Dawn Song. NetworkProfiler: Towards Automatic Fingerprinting of Android Apps. In Proc. of IEEE International Conference on Computer Communications (INFOCOM) 2013.

  • [42] Anupam Das Nikita Borisov and Matthew Caesar. Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components. In Proc. of the ACM Conference on Computer and Communications Security (CCS) 2014.

  • [43] William Enck Peter Gilbert Byung-Gon Chun Landon P. Cox Jaeyeon Jung Patrick McDaniel and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proc. of the USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2010.

  • [44] Steven Englehardt. No boundaries: Exfiltration of personal data by session-replay scripts. https://freedom-totinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/ November 2017.

  • [45] Tobias Fiebig Jan Krissler and Ronny Hänsch. Security Impact of High Resolution Smartphone Cameras. In Proc. of the USENIX Workshop on Offensive Technologies (WOOT) 2014.

  • [46] Jessica Fridrich. Sensor Defects in Digital Image Forensic. In Digital Image Forensics pages 179–218. Springer 2013.

  • [47] Clint Gibler Jonathan Crussell Jeremy Erickson and Hao Chen. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale. In Proc. of the International Conference on Trust and Trustworthy Computing (TRUST) 2012.

  • [48] Lorenzo Gomez Iulian Neamtiu Tanzirul Azim and Todd Millstein. RERAN: Timing- and Touch-sensitive Record and Replay for Android. In Proc. of the International Conference on Software Engineering (ICSE) 2013.

  • [49] Shuai Hao Bin Liu Suman Nath William G.J. Halfond and Ramesh Govindan. PUMA: Programmable UI-Automation for Large-Scale Dynamic Analysis of Mobile Apps. In Proc. of the International Conference on Mobile Systems Applications and Services (MobiSys) 2014.

  • [50] Jinseong Jeon Kristopher K. Micinski and Jeffrey S. Foster. SymDroid: Symbolic Execution for Dalvik Bytecode. Technical Report CS-TR-5022 University of Maryland College Park 2012.

  • [51] Michael Kassner. Take secret photos by exploiting Android’s camera app. https://www.techrepublic.com/article/take-secret-photos-by-exploiting-androids-cameraapp/ June 2014.

  • [52] Jinyung Kim Yongho Yoon Kwangkeun Yi and Junbum Shin. SCANDAL: Static Analyzer for Detecting Privacy Leaks in Android Applications. In Proc. of the IEEE Mobile Security Technologies Workshop (MoST) 2012.

  • [53] Tadayoshi Kohno Andre Broido and KC Claffy. Remote Physical Device Fingerprinting. IEEE Transactions on Dependable and Secure Computing 2(2):93–108 2005.

  • [54] Anh Le Janus Varmarken Simon Langhoff Anastasia Shuba Minas Gjoka and Athina Markopoulou. AntMonitor: A System for Monitoring from Mobile Devices. In Proc. of the ACM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data (C2B(1)D) 2015.

  • [55] Christophe Leung Jingjing Ren David Choffnes and Christo Wilson. Should You Use the App for That?: Comparing the Privacy Implications of App- and Web-based Online Services. In Proc. of the Internet Measurement Conference (IMC) 2016.

  • [56] Martina Lindorfer Matthias Neugschwandtner Lukas Weichselbaum Yanick Fratantonio Victor van der Veen and Christian Platzer. Andrubis - 1000000 Apps Later: A View on Current Android Malware Behaviors. In Proc. of the International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) 2014.

  • [57] Ziang Ma Haoyu Wang Yao Guo and Xiangqun Chen. LibRadar: Fast and Accurate Detection of Third-party Libraries in Android Apps. In Proc. of the International Conference on Software Engineering (ICSE) 2016.

  • [58] Aravind Machiry Rohan Tahiliani and Mayur Naik. Dynodroid: An Input Generation System for Android Apps. In Proc. of the Joint Meeting on Foundations of Software Engineering (ESEC/FSE) 2013.

  • [59] Vasilios Mavroudis Shuang Hao Yanick Fratantonio Federico Maggi Giovanni Vigna and Christopher Kruegel. On the Privacy and Security of the Ultrasound Ecosystem. In Proc. of the Privacy Enhancing Technologies Symposium (PETS) 2017.

  • [60] Giuseppe Petracca Yuqiong Sun Trent Jaeger and Ahmad Atamli. AuDroid: Preventing Attacks on Audio Channels in Mobile Devices. In Proc. of the Annual Computer Security Applications Conference (ACSAC) 2015.

  • [61] Ashwin Rao Arash Molavi Kakhki Abbas Razaghpanah Anke Li David Choffnes nad Arnaud Legout Alan Mislove and Phillipa Gill. Meddle: Enabling Transparency and Control for Mobile Internet Traffic. Journal of Technology Science (JoTS) (2015103003) October 2015.

  • [62] Ashwin Rao Arash Molavi Kakhki Abbas Razaghpanah Amy Tang Shen Wang Justine Sherry Phillipa Gill Arvind Krishnamurthy Arnaud Legout Alan Mislove and David Choffnes. Using the Middle to Meddle with Mobile. Technical Report NEU-CCS-2013-12-10 Northeastern University 2013.

  • [63] Abbas Razaghpanah Rishab Nithyanand Narseo Vallina-Rodriguez Srikanth Sundaresan Mark Allman Christian Kreibich and Phillipa Gill. Apps Trackers Privacy and Regulators: A Global Study of the Mobile Tracking Ecosystem. In Proc. of the Network and Distributed System Security Symposium (NDSS) 2018.

  • [64] Jingjing Ren Martina Lindorfer Daniel Dubois Ashwin Rao David Choffnes and Narseo Vallina-Rodriguez. Bug Fixes Improvements ... and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions. In Proc. of the Network and Distributed System Security Symposium (NDSS) 2018.

  • [65] Jingjing Ren Ashwin Rao Martina Lindorfer Arnaud Legout and David Choffnes. ReCon: Revealing and Controlling Privacy Leaks in Mobile Network Traffic. In Proc. of the International Conference on Mobile Systems Applications and Services (MobiSys) 2016.

  • [66] Irwin Reyes Primal Wiesekera Joel Reardon Amit Elazari Bar On Abbas Razaghpanah Narseo Vallina-Rodriguez and Serge Egelman. “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale. In Proc. of the Privacy Enhancing Technologies Symposium (PETS) 2018.

  • [67] Animesh Shrivastava Puneet Jain Soteris Demetriou Landon P. Cox and Kyu-Han Kim. CamForensics: Understanding Visual Privacy Leaks in the Wild. In Proc. of the ACM Conference on Embedded Networked Sensor Systems (SenSys) 2017.

  • [68] Szymon Sidor. Exploring limits of covert data collection on Android: apps can take photos with your phone without you knowing. http://www.ez.ai/2014/05/exploring-limitsof-covert-data.html May 2014.

  • [69] Yihang Song and Urs Hengartner. PrivacyGuard: A VPNbased Platform to Detect Information Leakage on Android Devices. In Proc. of the ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2015.

  • [70] Aatif Sulleyman. Facebook could secretly watch users through webcams patents reveal. http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-plans-to-watch-users-through-webcams-spypatent-application-social-media-a7779711.html June 2017.

  • [71] Vincent F. Taylor Riccardo Spolaor Mauro Conti and Ivan Martinovic. AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic. In Proc. of the IEEE European Symposium on Security and Privacy (EuroS&P) 2016.

  • [72] Narseo Vallina-Rodriguez Jay Shah Alessandro Finamore Hamed Haddadi Yan Grunenberger Konstantina Papagiannaki and Jon Crowcroft. Breaking for Commercials: Characterizing Mobile Advertising. In Proc. of the Internet Measurement Conference (IMC) 2012.

  • [73] Narseo Vallina-Rodriguez Srikanth Sundaresan Abbas Razaghpanah Rishab Nithyanand Mark Allman Christian Kreibich and Phillipa Gill. Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem. In Proc. of the Workshop on Data and Algorithmic Transparency (DAT) 2016.

  • [74] Yan Wang Haowei Wu Hailong Zhang and Atanas Rountev. Orlis: Obfuscation-Resilient Library Detection for Android. In Proc. of the IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft) 2018.

  • [75] Mingyuan Xia Lu Gong Yuanhao Lyu Zhengwei Qi and Xue Liu. Effective Real-time Android Application Auditing. In Proc. of the IEEE Symposium on Security and Privacy (S&P) 2015.

  • [76] Ning Xia Han Hee Song Yong Liao Marios Iliofotou Antonio Nucci Zhi-Li Zhang and Aleksandar Kuzmanovic. Mosaic: Quantifying Privacy Leakage in Mobile Networks. In Proc. of the Conference on Applications Technologies Architectures and Protocols for Computer Communication (SIGCOMM) 2013.

  • [77] Lok Kwong Yan and Heng Yin. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In Proc. of the USENIX Security Symposium 2012.

  • [78] Zhemin Yang Min Yang Yuan Zhang Guofei Gu Peng Ning and X. Sean Wang. AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. In Proc. of the ACM Conference on Computer and Communications Security (CCS) 2013.

  • [79] Yuan Zhang Min Yang Bingquan Xu Zhemin Yang Guofei Gu Peng Ning X. Sean Wang and Binyu Zang. Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis. In Proc. of the ACM Conference on Computer and Communications Security (CCS) 2013.

  • [80] Zhe Zhou Wenrui Diao Xiangyu Liu and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. In Proc. of the ACM Conference on Computer and Communications Security (CCS) 2014.

  • [81] Sebastian Zimmeck Jie S. Li Hyungtae Kim Steven M. Bellovin and Tony Jebara. A Privacy Analysis of Crossdevice Tracking. In Proc. of the USENIX Security Symposium 2017.

Search
Journal information
Cited By
Metrics
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 682 621 33
PDF Downloads 505 452 14