Android apps and privacy risks : what attackers can learn by sniffing mobile device traffic
Recent years have witnessed significant growth in the mobile device landscape as smartphones and tablet computers have become more affordable and more feature-rich. Users commonly extend the functionality built into these mobile devices by installing add-on applications, called apps. Many p...
Main Authors: | Taylor, V; Nurse, J; Hodges, D |
---|---|
Format: | Working paper |
Language: | English |
Published: | Centre for Doctoral Training in Cyber Security, 2014 |
Subjects: |
_version_ | 1797055742718509056 |
---|---|
author | Taylor, V; Nurse, J; Hodges, D |
collection | OXFORD |
description | Recent years have witnessed significant growth in the mobile device landscape as smartphones and tablet computers have become more affordable and more feature-rich. Users commonly extend the functionality built into these mobile devices by installing add-on applications, called apps. Many popular apps adopt a client-server architecture and communicate with Internet-based services to provide users with a rich and dynamic experience. Worryingly, some of these apps need to access sensitive data such as phonebook entries, appointments, messages, or a user's geographic location, but precisely how apps use and transmit sensitive data over wireless networks has not been widely studied. We examine the traffic sent from 35 popular Android apps spread over 6 categories to explore what an attacker with a promiscuous wireless receiver could learn about a target. We discovered that the majority of the apps that were tested had a detrimental impact on privacy by sending sensitive data without encrypting it. We also discovered that in some cases, improper application design rendered SSL encryption useless at preventing privacy leaks. We discuss ways in which an attacker can use both active and passive attacks to identify and track a user or invade their privacy. Finally, we suggest and discuss several possible solutions to mitigate the privacy risks that were identified. |
first_indexed | 2024-03-06T19:14:08Z |
format | Working paper |
id | oxford-uuid:17c44695-402c-4275-8dab-468966d8fe0b |
institution | University of Oxford |
language | English |
last_indexed | 2024-03-06T19:14:08Z |
publishDate | 2014 |
publisher | Centre for Doctoral Training in Cyber Security |
record_format | dspace |
title | Android apps and privacy risks : what attackers can learn by sniffing mobile device traffic |
topic | Cyber Security Computing |