Skip to main content
SpringerLink
Log in

Yet Another Way to Unknowingly Gather People Coordinates and Its Countermeasures

  • Conference paper
  • First Online:
Internet and Distributed Computing Systems (IDCS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11874))

Included in the following conference series:

Abstract

Apps running on a smartphone have the possibility to gather data that can act as a fingerprint for their user. Such data comprise the ids of nearby WiFi networks, features of the device, etc., and they can be a precious asset for offering e.g. customised transportation means, news and ads, etc. Additionally, since WiFi network ids can be easily associated to GPS coordinates, from the users frequent locations it is possible to guess their home address, their shopping preferences, etc. Unfortunately, existing privacy protection mechanisms and permissions on Android OS do not suffice in preventing apps from gathering such data, which can be considered sensitive and not to be disclosed to a third part. This paper shows how an app using only the permission to access WiFi networks could send some private data unknowingly from the user. Moreover, an advanced mechanism is proposed to shield user private data, and to selectively obscure data an app could spy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://wigle.net.

References

  1. Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014)

    Article  Google Scholar 

  2. Ascia, G., et al.: Making Android apps data-leak-safe by data flow analysis and code injection. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 205–210 (2016)

    Google Scholar 

  3. Aung, Z., Zaw, W.: Permission-based Android malware detection. Int. J. Sci. Technol. Res. 2(3), 228–234 (2013)

    Google Scholar 

  4. Cavallaro, C., Verga, G., Tramontana, E., Muscato, O.: Multi-agent architecture for point of interest detection and recommendation. In: Proceedings of XX Workshop From Objects to Agents (WOA) (2019)

    Google Scholar 

  5. Di Stefano, A., Fornaia, A., Tramontana, E., Verga, G.: Detecting Android malware according to observations on user activities. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 241–246 (2018)

    Google Scholar 

  6. Enck, W.: Defending users against smartphone apps: techniques and future directions. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 49–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25560-1_3

    Chapter  Google Scholar 

  7. Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. 7(1), 50–57 (2009)

    Article  Google Scholar 

  8. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 627–638 (2011)

    Google Scholar 

  9. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of ACM Symposium on Usable Privacy and Security (2012)

    Google Scholar 

  10. Google: Android (2019). https://developer.android.com/topic/libraries/support-library

  11. Krupp, B., Sridhar, N., Zhao, W.: SPE: security and privacy enhancement framework for mobile devices. IEEE Trans. Dependable Secure Comput. 14(4), 433–446 (2015)

    Article  Google Scholar 

  12. Montealegre, C., Njuguna, C.R., Malik, M.I., Hannay, P., McAteer, I.N.: Security vulnerabilities in Android applications. In: Proceedings of Australian Information Security Management Conference (2018)

    Google Scholar 

  13. Nguyen, L., et al.: UnLocIn: unauthorized location inference on smartphones without being caught. In: Proceedings of IEEE International Conference on Privacy and Security in Mobile Systems (PRISMS), pp. 1–8 (2013)

    Google Scholar 

  14. Qi, M., Wang, Z., He, Z., Shao, Z.: User identification across asynchronous mobility trajectories. Sensors 19(9), 2102 (2019)

    Article  Google Scholar 

  15. Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: Andromaly: a behavioral malware detection framework for Android devices. J. Intell. Inf. Syst. 38(1), 161–190 (2012)

    Article  Google Scholar 

  16. Tramontana, E., Verga, G.: Get spatio-temporal flows from GPS data. In: Proceedings of IEEE International Conference on Smart Computing (SMARTCOMP), pp. 282–284 (2018)

    Google Scholar 

  17. Tramontana, E., Verga, G.: Mitigating privacy-related risks for Android users. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) (2019)

    Google Scholar 

  18. Wagner, D.T., Rice, A., Beresford, A.R.: Device analyzer: large-scale mobile data collection. ACM SIGMETRICS Perform. Eval. Rev. 41(4), 53–56 (2014)

    Article  Google Scholar 

  19. Wei, T.E., Jeng, A.B., Lee, H.M., Chen, C.H., Tien, C.W.: Android privacy. In: Proceedings of IEEE International Conference on Machine Learning and Cybernetics, vol. 5, pp. 1830–1837 (2012)

    Google Scholar 

  20. Zheng, V.W., Zheng, Y., Xie, X., Yang, Q.: Collaborative location and activity recommendations with GPS history data. In: Proceedings of ACM International Conference on World Wide Web, pp. 1029–1038 (2010)

    Google Scholar 

  21. Zheng, V.W., Zheng, Y., Xie, X., Yang, Q.: Towards mobile intelligence: learning from GPS history data for collaborative recommendation. Artif. Intell. 184, 17–37 (2012)

    Article  MathSciNet  Google Scholar 

  22. Zheng, Y., Xie, X., Ma, W.Y., et al.: GeoLife: a collaborative social networking service among user, location and trajectory. IEEE Data Eng. Bull. 33(2), 32–39 (2010)

    Google Scholar 

Download references

Acknowledgement

This work has been supported by project CREAMS—Codes Recognising and Eluding Attacks and Meddling on Systems—funded by Università degli Studi di Catania, Piano della Ricerca 2016/2018 Linea di intervento 2.

Author information

Authors and Affiliations

  1. Dipartimento di Matematica e Informatica, University of Catania, Catania, Italy

    Gabriella Verga, Andrea Fornaia, Salvatore Calcagno & Emiliano Tramontana

Authors
  1. Gabriella Verga
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrea Fornaia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Salvatore Calcagno
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Emiliano Tramontana
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Emiliano Tramontana .

Editor information

Editors and Affiliations

  1. Department of Science and Technology, Parthenope University of Naples, Napoli, Italy

    Raffaele Montella

  2. Parthenope University of Naples, Napoli, Italy

    Angelo Ciaramella

  3. University of Calabria, Rende, Italy

    Giancarlo Fortino

  4. ICAR, Consiglio Nazionale delle Ricerche, Rende, Cosenza, Italy

    Antonio Guerrieri

  5. Edinburgh Napier University, Edinburgh, UK

    Antonio Liotta

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Verga, G., Fornaia, A., Calcagno, S., Tramontana, E. (2019). Yet Another Way to Unknowingly Gather People Coordinates and Its Countermeasures. In: Montella, R., Ciaramella, A., Fortino, G., Guerrieri, A., Liotta, A. (eds) Internet and Distributed Computing Systems . IDCS 2019. Lecture Notes in Computer Science(), vol 11874. Springer, Cham. https://doi.org/10.1007/978-3-030-34914-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34914-1_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34913-4

  • Online ISBN: 978-3-030-34914-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation