Ecole d'ingénieur et centre de recherche en Sciences du numérique

Short Paper: WifiLeaks: Underestimated Privacy Implications of the Access_Wifi_State Android Permission

Achara, Jagdish Prasad; Cunche, Mathieu; Roca, Vincent; Francillon , Aurélien

WISEC 2014, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 23-25 July 2014, Oxford, United Kingdom

On Android, installing an application implies accepting the permissions it requests, and these permissions are then enforced at runtime. In this work, we focus on the privacy implications of the ACCESS_WIFI_STATE permission. For this purpose, we analyzed permissions of the 2700 most popular applications on Google Play and found that the ACCESS_WIFI_STATE permission is used by 41% of them. We then performed a static analysis of 998 applications requesting this permission and based on the results, chose 88 applications for dynamic analysis. Our analyses reveal that this permission is already used by some companies to collect user Personally Identifiable Information (PII). We also conducted an online survey to study users' perception of the privacy risks associated with this permission. This survey shows that users largely underestimate the privacy implications of this permission. As this permission is very common, most users are therefore potentially at risk.

Document Doi Hal Bibtex

Titre:Short Paper: WifiLeaks: Underestimated Privacy Implications of the Access_Wifi_State Android Permission
Type:Conférence
Langue:English
Ville:Oxford
Pays:ROYAUME-UNI
Date:
Département:Sécurité numérique
Eurecom ref:4305
Copyright: © ACM, 2014. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in WISEC 2014, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 23-25 July 2014, Oxford, United Kingdom http://dx.doi.org/10.1145/2627393.2627399
Bibtex: @inproceedings{EURECOM+4305, doi = {http://dx.doi.org/10.1145/2627393.2627399}, year = {2014}, title = {{S}hort {P}aper: {W}ifi{L}eaks: {U}nderestimated {P}rivacy {I}mplications of the {A}ccess_{W}ifi_{S}tate {A}ndroid {P}ermission}, author = {{A}chara, {J}agdish {P}rasad and {C}unche, {M}athieu and {R}oca, {V}incent and {F}rancillon , {A}ur{\'e}lien}, booktitle = {{WISEC} 2014, 7th {ACM} {C}onference on {S}ecurity and {P}rivacy in {W}ireless and {M}obile {N}etworks, 23-25 {J}uly 2014, {O}xford, {U}nited {K}ingdom}, address = {{O}xford, {ROYAUME}-{UNI}}, month = {07}, url = {http://www.eurecom.fr/publication/4305} }
Voir aussi: