Characterising Sensor Leaks in Android Apps

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks.

• Paper: Sun, X., Chen, X., Liu, K., Wen, S., Li, L., Grundy, J. Characterizing Sensor Leaks in Android Apps. IEEE 2021.
• Tool:Characterizing Sensor Leaks in Android Apps
• Project summary

Project Lead

Dr Xiaoyu Sun

Project Team

Prof. John Grundy, Prof Li Li