Mitigating Location Privacy Attacks on Mobile Devices using Dynamic App Sandboxing

Open access

Abstract

We present the design, implementation and evaluation of MATRIX, a system that protects the privacy of mobile device users against location inference and sensor side-channel attacks. MATRIX gives users control over, and visibility into, the location and sensor (e.g., accelerometer and gyroscope) accesses made by mobile apps. It implements a PrivoScope service that audits every location and sensor access by apps on the device and generates real-time notifications and graphs for visualizing these accesses, and a Synthetic Location service that lets users feed obfuscated or synthetic location trajectories and sensor traces to apps they find useful but do not trust with their private data. The services are designed to be extensible and easy to use, hiding the underlying complexity from users. MATRIX also implements a Location Provider component that generates realistic, privacy-preserving synthetic identities and trajectories for users, incorporating traffic information from historical Google Maps Directions API data and acceleration profiles derived from statistics collected in user driving experiments. These mobility patterns are generated by modeling and solving the user's daily schedule as a randomized linear program and the user's driving behavior as a quadratic program. We extensively evaluated MATRIX using user studies, popular location-driven apps and machine learning techniques, and show that it is portable to most Android devices in use globally, is reliable, has low overhead, and generates synthetic trajectories that an adversary finds difficult to distinguish from real mobility trajectories.
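As an added illustration (not code from the paper or from the MATRIX implementation), the block below synthesizes a driving trace along a constructed route while respecting per-waypoint speed limits and assumed acceleration and braking bounds. It stands in for the paper's quadratic program with a much simpler two-pass speed-profile construction and uses no traffic data; the route coordinates, the bounds A_MAX and D_MAX, and the 1 Hz sampling rate are all assumptions made here. The final check reports the largest acceleration and braking implied by the emitted samples, which is the kind of physical-plausibility feature an adversary's classifier would examine first when trying to tell a synthetic trajectory from a real one.

```python
"""Constructed illustration of a physically plausible synthetic driving trace.

A simplified stand-in for a QP-based driving model: speeds at waypoints are
chosen by a forward/backward pass under speed-limit, acceleration and braking
bounds, then positions are sampled at a fixed rate with constant acceleration
inside each segment. Not code from the MATRIX paper.
"""
import math

EARTH_R = 6_371_000.0  # metres

# Constructed sample route as (lat, lon, speed limit in m/s); not data from the
# paper. The last waypoint has limit 0 so the trip ends at rest, and it is
# deliberately close to the previous waypoint so the braking bound binds.
ROUTE = [
    (42.3398, -71.0892, 11.0),
    (42.3420, -71.0850, 11.0),
    (42.3460, -71.0800, 18.0),
    (42.3500, -71.0780, 18.0),
    (42.3503, -71.0777, 0.0),
]
A_MAX = 2.0  # assumed forward-acceleration bound, m/s^2
D_MAX = 3.0  # assumed braking bound, m/s^2


def haversine(p, q):
    """Great-circle distance in metres between two (lat, lon, ...) tuples in degrees."""
    lat1, lon1 = map(math.radians, p[:2])
    lat2, lon2 = map(math.radians, q[:2])
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_R * math.asin(math.sqrt(h))


def speed_profile(route, a_max=A_MAX, d_max=D_MAX):
    """Largest feasible speed at each waypoint (two-pass method).

    Forward pass: v[i] cannot exceed what a_max allows from v[i-1] over the
    segment (v^2 = u^2 + 2ad). Backward pass: v[i] cannot exceed what d_max
    lets the car shed before reaching v[i+1]. The start is forced to rest.
    """
    v = [w[2] for w in route]
    v[0] = 0.0
    for i in range(1, len(route)):
        d = haversine(route[i - 1], route[i])
        v[i] = min(v[i], math.sqrt(v[i - 1] ** 2 + 2 * a_max * d))
    for i in range(len(route) - 2, -1, -1):
        d = haversine(route[i], route[i + 1])
        v[i] = min(v[i], math.sqrt(v[i + 1] ** 2 + 2 * d_max * d))
    return v


def synthesize_trace(route, v, t0=0.0, hz=1.0):
    """Sample (t, lat, lon, speed) at `hz` along the route.

    Inside each segment the acceleration is constant, a = (w^2 - u^2) / 2d,
    which lies in [-d_max, a_max] because speed_profile enforced the bounds.
    Positions are interpolated linearly between waypoints by distance fraction.
    """
    samples = []
    t_seg = t0  # absolute time at which the current segment starts
    k = 0       # global sample index; sample times are t0 + k / hz
    for i in range(len(route) - 1):
        (lat1, lon1, _), (lat2, lon2, _) = route[i], route[i + 1]
        d = haversine(route[i], route[i + 1])
        u, w = v[i], v[i + 1]
        if u + w == 0:
            raise ValueError("two consecutive stops: segment %d cannot be traversed" % i)
        a = (w * w - u * u) / (2 * d)
        dur = 2 * d / (u + w)  # travel time under constant acceleration
        while True:
            t = t0 + k / hz
            if t >= t_seg + dur:
                break
            tau = t - t_seg
            f = (u * tau + 0.5 * a * tau * tau) / d  # fraction of segment covered
            samples.append((t, lat1 + f * (lat2 - lat1), lon1 + f * (lon2 - lon1), u + a * tau))
            k += 1
        t_seg += dur
    samples.append((t_seg, route[-1][0], route[-1][1], v[-1]))  # arrive at rest
    return samples


def max_accel_and_braking(samples):
    """Largest forward acceleration and braking (m/s^2) implied by successive samples."""
    acc = brk = 0.0
    for (t1, _, _, s1), (t2, _, _, s2) in zip(samples, samples[1:]):
        dt = t2 - t1
        if dt < 1e-6:
            continue
        a = (s2 - s1) / dt
        acc, brk = max(acc, a), max(brk, -a)
    return acc, brk


if __name__ == "__main__":
    prof = speed_profile(ROUTE)
    trace = synthesize_trace(ROUTE, prof)
    print("waypoint speeds (m/s):", [round(x, 2) for x in prof])
    print("samples:", len(trace), "max accel/braking:", max_accel_and_braking(trace))
```

The adversary described in the abstract is a classifier, so a trace that merely stays on a road is not enough: the sampled speeds must also be consistent with the accelerations a real vehicle produces, which is what the two bounds and the final check enforce here.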


