Discovering and understanding android sensor usage behaviors with data flow analysis

Abstract
Today’s Android-powered smartphones have various embedded sensors that measure the acceleration, orientation, light and other environmental conditions. Many functions in the third-party applications (apps) need to use these sensors. However, embedded sensors may lead to security issues, as the third-party apps can read data from these sensors without claiming any permissions. It has been proven that embedded sensors can be exploited by well designed malicious apps, resulting in leaking users’ privacy. In this work, we are motivated to provide an overview of sensor usage patterns in current apps by investigating what, why and how embedded sensors are used in the apps collected from both a Chinese app. market called “AppChina” and the official market called “Google Play”. To fulfill this goal, We develop a tool called “SDFDroid” to identify the used sensors’ types and to generate the sensor data propagation graphs in each app. We then cluster the apps to find out their sensor usage patterns based on their sensor data propagation graphs. We apply our method on 22,010 apps collected from AppChina and 7,601 apps from Google Play. Extensive experiments are conducted and the experimental results show that most apps implement their sensor related functions by using the third-party libraries. We further study the sensor usage behaviors in the third-party libraries. Our results show that the accelerometer is the most frequently used sensor. Though many third-party libraries use no more than four types of sensors, there are still some third-party libraries registering all the types of sensors recklessly. These results call for more attentions on better regulating the sensor usage in Android apps.

Citation
Liu X, Liu J, Wang W, He Y, Zhang X (2017) Discovering and understanding android sensor usage behaviors with data flow analysis. World Wide Web 21: 105–126. Available: http://dx.doi.org/10.1007/s11280-017-0446-0.

Acknowledgements
The work reported in this paper is partially supported by the Fundamental Research funds for the central Universities of China (No. K15JB00190), Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010), the Scientific Research Foundation for the Returned Overseas Chinese Scholars, State Education Ministry (No. K14C300020), and in part by the 111 Project (B14005).

Publisher
Springer Nature

Journal
World Wide Web

DOI
10.1007/s11280-017-0446-0

Additional Links
http://lthlibprod.kaust.edu.sa/publications/forms/processNewItems.php

Permanent link to this record