Skip to main content
SpringerLink
Log in
Book cover

International Conference on Internet and Distributed Computing Systems

IDCS 2019: Internet and Distributed Computing Systems pp 457–467Cite as

Smart Cities and Open WiFis: When Android OS Permissions Cease to Protect Privacy

  • Conference paper
  • First Online:

  • 884 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11874))

Abstract

The wide-spread availability of open WiFi networks on smart cities can be considered an advanced service for citizens. However, a device connecting to WiFi network access points gives away its location. On the one hand, the access point provider could collect and analyse the ids of connecting devices, and people choose whether to connect depending on the degree of trust to the provider. On the other hand, an app running on the device could sense the presence of nearby WiFi networks, and this could have some consequences on user privacy. Based on permission levels and mechanisms proper of Android OS, this paper proposes an approach whereby an app attempting to connect to WiFi networks could reveal to a third part the presence of some known networks, thus a surrogate for the geographical location of the user, while she is unaware of it. This is achieved without resorting to GPS readings, hence without needing dangerous-level permissions. We propose a way to counteract such a weakness in order to protect user privacy.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    http://wiki.opencellid.org.

  2. 2.

    https://wigle.net.

  3. 3.

    https://developer.android.com/guide/topics/connectivity/wifi-scan.

  4. 4.

    https://developer.android.com/about/dashboards.

  5. 5.

    http://www.datiopen.it/it/opendata/Provincia_di_Roma_WiFi.

  6. 6.

    https://data.cityofnewyork.us/City-Government/NYC-Wi-Fi-Hotspot-Locations/yjub-udmw.

  7. 7.

    https://www.wifimap.io.

  8. 8.

    http://www.datiopen.it.

References

  1. Achara, J.P., Cunche, M., Roca, V., Francillon, A.: Short paper: WifiLeaks: underestimated privacy implications of the access\(\_\)wifi\(\_\)state android permission. In: Proceedings of ACM Conference on Security and Privacy in Wireless and Mobile Networks (2014)

    Google Scholar 

  2. Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Not. 49(6), 259–269 (2014)

    Article  Google Scholar 

  3. Ascia, G., et al.: Making android apps data-leak-safe by data flow analysis and code injection. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 205–210 (2016)

    Google Scholar 

  4. Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15–26 (2011)

    Google Scholar 

  5. Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutor. 18(3), 2027–2051 (2016)

    Article  Google Scholar 

  6. Demir, L.: Wi-fi tracking: what about privacy. Master thesis, Grenoble (2013)

    Google Scholar 

  7. Di Stefano, A., Fornaia, A., Tramontana, E., Verga, G.: Detecting android malware according to observations on user activities. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) (2018)

    Google Scholar 

  8. Dondyk, E., Zou, C.C.: Denial of convenience attack to smartphones using a fake Wi-Fi access point. In: Proceedings of IEEE Consumer Communications and Networking Conference (CCNC), pp. 164–170 (2013)

    Google Scholar 

  9. Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., Smith, M.: Why eve and mallory love android: an analysis of android SSL (in) security. In: Proceedings of ACM Conference on Computer and Communications Security (2012)

    Google Scholar 

  10. Faruki, P., et al.: Android security: a survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutor. 17(2), 998–1022 (2014)

    Article  Google Scholar 

  11. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of ACM Conference on Computer and Communications Security (2011)

    Google Scholar 

  12. Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: Proceedings of IEEE Symposium on Security and Privacy (SP) (2016)

    Google Scholar 

  13. Google: Android. developer.android.com/topic/libraries/support-library (2019)

    Google Scholar 

  14. Krupp, B., Sridhar, N., Zhao, W.: SPE: security and privacy enhancement framework for mobile devices. IEEE Trans. Dependable Secure Comput. 14(4), 433–446 (2015)

    Article  Google Scholar 

  15. Kywe, S.M., Li, Y., Petal, K., Grace, M.: Attacking android smartphone systems without permissions. In: Proceedings of IEEE Conference on Privacy, Security and Trust (PST), pp. 147–156 (2016)

    Google Scholar 

  16. Mustafa, H., Xu, W.: CETAD: detecting evil twin access point attacks in wireless hotspots. In: Proceedings of IEEE Conference on Communication and Network Security (2014)

    Google Scholar 

  17. Park, M.W., Choi, Y.H., Eom, J.H., Chung, T.M.: Dangerous Wi-Fi access point: attacks to benign smartphone applications. Pers. Ubiquit. Comput. 18(6), 1373–1386 (2014)

    Article  Google Scholar 

  18. Poese, I., Uhlig, S., Kaafar, M.A., Donnet, B., Gueye, B.: Ip geolocation databases: unreliable? ACM SIGCOMM Comput. Comm. Review 41(2), 53–56 (2011)

    Article  Google Scholar 

  19. Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of ACM Symposium on Access Control Models and Technologies, pp. 13–22 (2012)

    Google Scholar 

  20. Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: “Andromaly”: a behavioral malware detection framework for android devices. J. Intell. Inform. Syst. 38(1), 161–190 (2012)

    Article  Google Scholar 

  21. Tramontana, E., Verga, G.: Mitigating privacy-related risks for android users. In: Proceedings of IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) (2019)

    Google Scholar 

  22. Verga, G., Fornaia, A., Calcagno, S., Tramontana, E.: Yet another way to unknowingly gather people coordinates and its countermeasures. In: Montella, R., et al. (eds.) Proceedings of International Conference on Internet and Distributed Computing Systems (IDCS). LNCS, vol. 11874. Springer (2019)

    Google Scholar 

Download references

Acknowledgement

This work has been supported by project CREAMS—Codes Recognising and Eluding Attacks and Meddling on Systems—funded by Università degli Studi di Catania, Piano della Ricerca 2016/2018 Linea di intervento 2.

Author information

Authors and Affiliations

  1. Dipartimento di Matematica e Informatica, University of Catania, Catania, Italy

    Gabriella Verga, Salvatore Calcagno, Andrea Fornaia & Emiliano Tramontana

Authors
  1. Gabriella Verga
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Salvatore Calcagno
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andrea Fornaia
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Emiliano Tramontana
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Emiliano Tramontana .

Editor information

Editors and Affiliations

  1. Department of Science and Technology, Parthenope University of Naples, Napoli, Italy

    Raffaele Montella

  2. Parthenope University of Naples, Napoli, Italy

    Angelo Ciaramella

  3. University of Calabria, Rende, Italy

    Giancarlo Fortino

  4. ICAR, Consiglio Nazionale delle Ricerche, Rende, Cosenza, Italy

    Antonio Guerrieri

  5. Edinburgh Napier University, Edinburgh, UK

    Antonio Liotta

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Verga, G., Calcagno, S., Fornaia, A., Tramontana, E. (2019). Smart Cities and Open WiFis: When Android OS Permissions Cease to Protect Privacy. In: Montella, R., Ciaramella, A., Fortino, G., Guerrieri, A., Liotta, A. (eds) Internet and Distributed Computing Systems . IDCS 2019. Lecture Notes in Computer Science(), vol 11874. Springer, Cham. https://doi.org/10.1007/978-3-030-34914-1_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34914-1_43

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34913-4

  • Online ISBN: 978-3-030-34914-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation