Abstract
The widespread availability of open WiFi networks in smart cities can be considered an advanced service for citizens. However, a device connecting to WiFi network access points gives away its location. On the one hand, the access point provider could collect and analyse the IDs of connecting devices, and people choose whether to connect depending on their degree of trust in the provider. On the other hand, an app running on the device could sense the presence of nearby WiFi networks, and this could have consequences for user privacy. Based on the permission levels and mechanisms specific to Android OS, this paper proposes an approach whereby an app attempting to connect to WiFi networks could reveal to a third party the presence of some known networks, and thus a surrogate for the geographical location of the user, while she is unaware of it. This is achieved without resorting to GPS readings, hence without needing dangerous-level permissions. We propose a way to counteract such a weakness in order to protect user privacy.
Acknowledgement
This work has been supported by project CREAMS—Codes Recognising and Eluding Attacks and Meddling on Systems—funded by Università degli Studi di Catania, Piano della Ricerca 2016/2018 Linea di intervento 2.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Verga, G., Calcagno, S., Fornaia, A., Tramontana, E. (2019). Smart Cities and Open WiFis: When Android OS Permissions Cease to Protect Privacy. In: Montella, R., Ciaramella, A., Fortino, G., Guerrieri, A., Liotta, A. (eds) Internet and Distributed Computing Systems. IDCS 2019. Lecture Notes in Computer Science, vol 11874. Springer, Cham. https://doi.org/10.1007/978-3-030-34914-1_43
DOI: https://doi.org/10.1007/978-3-030-34914-1_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34913-4
Online ISBN: 978-3-030-34914-1
eBook Packages: Computer Science, Computer Science (R0)