Advertisement

Information Leakage in Wearable Applications

  • Babatunde OlabenjoEmail author
  • Dwight Makaroff
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11611)

Abstract

Wearable apps, specifically smartwatch apps, require permissions to access sensors, user profiles, and the Internet. These permissions, although not crucial for many mobile apps, are essential for health and fitness apps, as well as other wearable apps to work efficiently. Access to data on wearable devices enables malicious apps to extract personal user information. Moreover, benevolent apps can be utilized by attackers if they send private information insecurely. Many studies have examined privacy issues in smartphone apps, and very little has been done to identify and evaluate these issues in wearable smartwatch apps. Since wearable apps can reside either on the phone and watch or both, with all devices capable of accessing the Internet directly, a different dimension to information leakage is presented due to diverse ways in which these devices collect, store and transmit data.

This study classifies and analyzes information leakage in wearable smartwatch apps and examines the exposure of personal information using both static and dynamic approaches. Based on data collected from thousands of wearable applications, we show that standalone wearable apps leak less information compared to companion apps; the majority of data leaks exist in tracking services such as analytics and ad network libraries.

Keywords

Privacy Smartwatches Information leakage Tracking Wearable apps Android 

References

  1. 1.
    Boillat, T., Rivas, H., Wac, K.: “Healthcare on a Wris”: increasing compliance through checklists on wearables in obesity (self-)management programs. In: Rivas, H., Wac, K. (eds.) Digital Health. HI, pp. 65–81. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-61446-5_6CrossRefGoogle Scholar
  2. 2.
    Chauhan, J., Seneviratne, S., Kaafar, M.A., Mahanti, A., Seneviratne, A.: Characterization of early smartwatch apps. In: PerCom Workshops, pp. 1–6. Sydney, Australia, March 2016Google Scholar
  3. 3.
    Chen, G., Meng, W., Copeland, J.: Revisiting mobile advertising threats with MAdLife. In: The World Wide Web Conference, WWW 2019, pp. 207–217, San Francisco, CA, May 2019Google Scholar
  4. 4.
    Fafoutis, X., Marchegiani, L., Papadopoulos, G.Z., Piechocki, R., Tryfonas, T., Oikonomou, G.: Privacy leakage of physical activity levels in wireless embedded wearable systems. IEEE Signal Process. Lett. 24(2), 136–140 (2017)CrossRefGoogle Scholar
  5. 5.
    Hou, S., Ye, Y., Song, Y., Abdulhayoglu, M.: HinDroid: an intelligent Android malware detection system based on structured heterogeneous information network. In: KDD 2017, Halifax, Canada, pp. 1507–1515, August 2017Google Scholar
  6. 6.
    Korner, J., Hitzges, L., Gehrke, D.: Goko Store: Home. https://goko.me/
  7. 7.
    Lee, M., Lee, K., Shim, J., Cho, S., Choi, J.: Security threat on wearable services: empirical study using a commercial smartband. In: ICCE-Asia, Seoul, South Korea, pp. 1–5, October 2016Google Scholar
  8. 8.
    Li, X., Dong, X., Liang, Z.: A usage-pattern perspective for privacy ranking of Android apps. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 245–256. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-13841-1_14CrossRefGoogle Scholar
  9. 9.
    Liu, R., Lin, F.X.: Understanding the characteristics of Android wear OS. In: ACM Mobisys, Singapore, Singapore, pp. 151–164, June 2016Google Scholar
  10. 10.
    Moonsamy, V., Batten, L.: Android applications: data leaks via advertising libraries. In: International Symposium on Information Theory and its Applications, Melbourne, Australia, pp. 314–317, October 2014Google Scholar
  11. 11.
    Mujahid, S.: Detecting wearable app permission mismatches: a case study on Android wear. In: 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, pp. 1065–1067, September 2017Google Scholar
  12. 12.
    Paul, G., Irvine, J.: Privacy implications of wearable health devices. In: SIN 2014, Glasgow, UK, pp. 117:117–117:121, September 2014Google Scholar
  13. 13.
    Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S., Wang, G.: Security and privacy in the medical Internet of Things: a review. Secur. Commun. Netw. 2018, 1–9 (2018)Google Scholar
  14. 14.
    Tumbleson, C., Winiewski, R.: Apktool - a tool for reverse engineering 3rd party, closed, binary Android apps. https://ibotpeaches.github.io/Apktool/
  15. 15.
    Wu, S., Zhang, Y., Jin, B., Cao, W.: Practical static analysis of detecting intent-based permission leakage in Android application. In: IEEE ICCT, Chengdu, China, pp. 1953–1957, October 2017Google Scholar
  16. 16.
    Zhang, H., Rounte, A.: Analysis and testing of notifications in Android wear applications. In: International Conference on Software Engineering, Buenos Aires, Argentina, pp. 347–357, May 2017Google Scholar
  17. 17.
    Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., Shen, X.S.: Security and privacy in smart city applications: challenges and solutions. IEEE Commun. Mag. 55(1), 122–129 (2017)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of SaskatchewanSaskatoonCanada

Personalised recommendations