A team of researchers from Northeastern University demonstrated how Android applications can be manipulated to transmit sensitive information using a phone's built-in sensors.
The apps must ask the user for permission to access sensitive user information, but many users do not read the requests for permissions and accidentally grant unfettered access to the app.
The researchers show an Android app does not need a phone's global-positioning system or Wi-Fi to track a user's location, as apps automatically have access to sensors that detect the device's movements, orientation, and location.
To test the accuracy of these sensors, the researchers built their own app that uses an algorithm to input data from the sensors into maps of the world's roads. They then simulated road trips in 11 cities and drove 1,000 kilometers around Massachusetts. Measurements were derived from the phones' change of positions and the system generated the five most likely routes for each trip, which were correct 50% of the time.
"Adversaries can recover lots of details through these side channels," says Northeastern professor Guevara Noubir. To protect against potential invasions of privacy, Noubir recommends consumers not install unfamiliar or untested apps, while apps used infrequently should be uninstalled.
From Northeastern University News
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found