See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/313468353
Privacy Concerns on Android Devices
Conference Paper · January 2017
DOI: 10.1109/ICCE.2017.7889265
CITATIONS
READS
9
1,988
2 authors:
Asma K.
Peter Corcoran
University of Galway
University of Galway
11 PUBLICATIONS 352 CITATIONS
628 PUBLICATIONS 4,797 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
Blockchain for Healthcare View project
Data Augmentation using Generative Adversarial Networks (GAN) View project
All content following this page was uploaded by Asma K. on 30 January 2019.
The user has requested enhancement of the downloaded file.
SEE PROFILE
Privacy Concerns on Android Devices
Asma KHATOON1, 2, Student Member, IEEE, Peter CORCORAN1, Fellow, IEEE
1
C3 Imaging Center, College of Engineering & Informatics NUI Galway, Galway, Ireland
2
FotoNation, Galway, Ireland
{a.khatoon1, peter.corcoran}@ nuigalway.ie
Abstract— Smartphones have become conduits for our
most personal information and data. When one wants to install an
app on their device, they have to allow the apps to access their
camera, internet, location etc. This can lead to privacy issues and
affect the user privacy. For example, granting privileges to location
leads to tracking the user through their phone. In this paper, privacy
issues of android system are discussed. A number of conventional
and some more unusual challenges to our individual privacy are
identified and discussed.
Index Terms—android devices, privacy issues, social media, apps.
I. INTRODUCTION
Privacy and security are considered as the same concept. There
exists a confusion between these two terms. Though privacy and
security are closely related with each other, they have different
meanings. Privacy is the ability to take decision that what
information about someone goes where; security determines the
ability to be confident that those decisions are respected. In simple
words, we can say privacy is only concerned with how the data is
to be collected and used. Security deals with the protection of that
personal data from encroachers.
Smartphone is an easy to carry portable electronic device that
has features of both mobile phone and a computer. It has made
interpersonal communication easier in different ways [1]. When it
comes to applications for smartphones, these are continuously
expanding, from Internet browsing to e-mailing, to gaming, to
banking, to shopping, and managing travel arrangements –
airfares, car rental, etc. In combination with new network services
these smartphone apps are replacing traditional taxi services,
short-let accommodation and even your local gym with more
flexible and available ‘network sourced’ alternatives. People are
generally not aware of the consequences of installing these
applications and they usually skip reading the terms and conditions
the user have to agree to for the usage of these applications.
A user doesn’t know what can be done with their data after
having those permissions accepted during the installation of apps.
TRUSTe and Harris interactive conducted study [2] about top 340
Android apps a found that only 19% have included links to privacy
policies.
Android provides Linux Kernel security on its operating
system level and when it comes to APIs, every app has to request
permissions to access different resources on the phone. Examples
are the camera, microphone, GPS, Network connection, phone
connection, bluetooth, local storage, user data (pictures, e-mail,
contacts), etc. Application developers need permission to access
these APIs through the AndroidManifest.xml file. In turn different
types of apps use these resources in different ways. The key
question here is how the 'resource permissions' and the way in
which these are used can impact on our 'privacy'. How can a user
understand from looking at a set of permissions how this will
impact on their 'privacy'? The answer is that they can't because
most people don't even understand what privacy means.
Basically Android applications have no permissions associated
by default. For example, if an application needs permission to
access internet, it needs to mention in its AndroidManifest.xml file
like;
<uses-permission android:name="android.permission.INTERNET" />
In this paper, privacy issues of Android applications are
discussed and how these applications exploits the end user’s
privacy are presented. It will also give an overview of the different
types of privacy.
II. APPLICATION PRIVACY
For mobile devices, Android provides an open source
application environment and platform. Most of the android
applications are written in Java but they can also be written in their
native code. The android core operating system is based on the
Linux kernel. The Linux kernel provides Android with many
security features which ensures security for the smartphone which
includes user-based permissions model, Process isolation,
Extensible mechanism for secure IPC and the ability to remove
unnecessary and potentially insecure parts of the kernel. Android
application building blocks consist of AndroidManifest.xml,
activities, services and broadcast receiver.
An average person spends a lot of time on their smartphone.
This includes checking social media notifications, communicating
through communication apps, web browsing, playing music, etc.
The average user doesn’t know how these apps are impacting on
their privacy.
Smartphone holds lots of personal information which includes
images, videos, contacts, bank account details, location, age and
gender. This information can do a lot of damage to the user if it
goes in the wrong hands. A cybercriminal may want to steal your
money by snooping into your smartphone through malware. Then
there are advertisers who are in search of people who can buy their
TABLE I
GOOGLE PLAY STORE CATEGORY AND APPS
Google Play Store Category
Apps selected
Comics
Marvel Comics, DC Comics,
Astonishing Comics, Comicat,
Rage Comics
Communications
WhatsApp, Skype, IMO,Viber,
Kik
Demo
Survival craft, Edge demo, World
of Goo, Spanish Class, n-Track
Entertainment
Netflix, Tubi TV, Talking Tom
Cat 2,Dubsmash,Youtube
Finance
Yahoo Finance, Finance Manager,
My
Finances,
Financial
Calculator, CNN Money Business
and Finance
Health
S Health, Google fit-fitness
tracking, Total Health Care, Yoga
and Health tips, Pedometer
Libraries
JW library, Gospel library,
Overdrive,
Libraries
for
developers, Scribd- A world of
books
Lifestyle
Lifestyle, Fabulous-Motivate me,
My
Horoscope,
Shibboleth
Lifestyle, Steinbach Lifestyle
Multimedia
VLC Player, MX Player, FLV
Player, Lopez Multimedia, Kodi
News
BBC,Fox,CNN,NBC,Yahoo
Shopping
Amazon,
eBay,
Wanelo,
AliExpress, Wish Shopping made
fun
Social
Facebook, Twitter, Instagram,
Badoo, linkedin
Travel
World Travel Guide, World
Explorer-Travel
Guide,
Cheapflights – Flight Search,
Airbnb, Skyscannner
The purpose is to study the type of control being given by
android OS and the practical implication which may result from
this authorization.
In table II we listed the most sensitive permissions with regard
to user privacy and try to analyse the frequency with which they
are being requested by our selected group of apps.
TABLE II
PERMISSIONS VS APPS
Important Permissions
Number of apps requesting
permission
Calendar
2
Camera
18
Contacts
37
Location
34
Microphone
14
Phone
27
SMS
9
Storage
66
Wi-Fi Connection
30
Photos/Media/Files
54
As seen from table II frequency of apps requesting sensitive
permission [3] like storage, contacts and camera are very high. The
main concern is how these apps are programmed to use these
sensitive permissions. For example, permission of camera can be
misused in many ways. Currently there are apps available in the
App store which can take pictures and videos of the user without
the consent of user and then send them to a remote server. With
high resolution cameras provided with smartphones, this puts the
privacy of the user in great jeopardy because this data can be
processed to get biometric information such as Iris, finger prints
data.[4].A recent privacy flaw in a popular messaging app has put
million of its user at risk [5].
Apps
product and services. Advertisers pay app developers to get access
to the user’s data. They provide the code for the app-developers to
build into app. This code not only shows the ad when the app opens
but also can send personal information to the advertiser.
In this section a survey is done in which we take a look at
different types of apps available at Google app store and number
of permissions requested. Google categorizes its apps into 18 main
sub-categories which are Comics, Communication, Entertainment,
Finance, Health, Lifestyle, Multimedia, News and Weather,
Shopping, Social, Sports, Travel, Demo, and Software libraries.
We are going to have a look at the five most popular and top rated
app of main categories and observe the frequency of permission
requested by each category.
80
60
40
20
0
Permissions
Figure 1: Permissions Vs Apps
Android apps such as Google Analytics, Google Fonts and
Google APIs enable google to determine a user’s route. This is
done by tracking the IP address of the device through successive
websites .In addition there are apps which turn the smartphone into
a surveillance device [6]. These types of Apps have the ability to
send live video feed to remote http servers. One particular example
of this type of app is FollowMe. Another example of online
tracking is by using flash cookies. These cookies track the
behavior of user by storing information about the user’s online
browsing activities. Device fingerprinting is another method
which is can be used to track your smartphone, tablet or laptop.
Nowadays a lot of communication written or oral is done
through smartphones [7]. In 2013 Google was accused by
Microsoft of scanning the email contents of the users to deliver
targeted ads. In 2014 Edward Snowden accused US government
searching email contents, tracking smartphones through a highly
powerful decryption software BULLRUN.
Personal choices and experiences are being monitored when
the user accesses online services. One particular example is the
behavioural marketing or tracking done by advertisers. Many
mobile websites and apps work with advertisers to manage and
targets ads. This is done so that ad networks have an idea which
ad has most views. Another good example is YouTube and
Spotify. Both companies are known to use advance algorithms to
track a user’s choice for videos and music and they then use this
information to display the videos or music the user probably likes.
Another main concern is in the use of mobile and fitness apps.
These fitness apps collect a lot of personal information such as
gender, age, weight, height, dieting information and exercise
habits. No health regulation exists till now which protects a user’s
medical data. If this data goes public then there is nothing much a
user can do.
The smartphone isn’t the sole culprit in this story. The data has
to go ‘somewhere’ in order to create ‘value’. Cloud is a key enabler
for connected consumer devices [8]. It empowers them through the
commoditization of services from storage and content
management, to personal communications and social media. Most
smartphone services don’t happen exclusively on the device but
involve online components ‘out there’ on the Cloud.
The survey indicates that architecture of android OS needs a
critical evaluation and overhauling. More stringent security
measures are needed to be placed in android OS and there should
be strict criteria regarding the permissions granted by android to
apps. There should be some inbuilt procedure in the cellphone
which has the ability to decide if a particular permission is
necessary for the app or not and if app is misusing the set of
permissions granted.
III. PRIVACY OF LOCATION
This form of privacy isn’t about tracking your location; it was
introduced to cover the increasing use of surveillance/monitoring
technologies in urban environments [9].
This surveillance can be in the form of audio, video or location
surveillance. Currently there are many apps offered by google play
store that can turn a cellphone into a surveillance device. One such
example is Alfred app which can turn the android OS into a CCTV
alternative, home security camera, IP camera, IP cam, IPcam,
security cam. Similarly, there are apps available in store which can
easily locate individual location. One such example is Friend
Locator.
IV. PRIVACY ISSUES REGARDING SOCIAL MEDIA
Online social networks such as Facebook, LinkedIn and twitter
helps us to connect with each other, share our ideas and make new
contacts. With the integration of social media into android device,
it has become very easy for the user to post his day to day activities
on the internet. This may invade user privacy. Different groups of
people are interested in information given on social media which
includes corporates, advertisers, and stalkers. Companies that are
running these social network are also collecting personal
information to predict the latest trends and mood of their
customers. In 2011 social networking website Facebook was
accused of collecting contact list of its users through it smartphone
app [10].In march 2012 over 18 companies were sued that
unlawfully collected user’s information. Among them were social
networking giants such as Facebook and Twitter [11].
In 2009, a survey conducted by AT&T Labs and Worcester
Polytechnic Institute shows that the unique identifying code which
is assigned to users by social media sites can be matched with the
behavior tracked by cookies. It means that advertisers can build
users profile and observe their daily life activities by gathering
these information from social networking websites.
There is research study conducted by Krishnamurthy and Wills
which shows that it is possible for third-parties to link personally
identifiable information (PII), which is leaked via online social
networking websites (OSNs), with user actions [12].
V. PRIVACY AND LEGISLATION
According to Troy H. of the Juniper Global Threat Center,
many software developers collect information from device
through installing apps and then they store those information on
third-party servers to build device profiles or ad profiles so they
can deliver application contents [13]. It’s worth to note here that
how all these free applications collect the device data and use to
build ad profile by transmitting the data to third parties.
VI. PRIVACY AND GOVERNMENT
The National Security Agency and Britain’s GCHQ are the
world’s most powerful intelligence services. These agencies used
mobile data to track their target person around the globe. Those
who makes these surveillance system are offering government
officials to track the movement to almost every person, who
carries cell phone. The technology works by exploiting all mobile
company networks. It is the requirement of these surveillance
systems to keep record about their customer’s location and other
personal data to deliver their services. They collect people
information to have record to map their travels over days or longer
and build their profile for company marketing.
These surveillance system enables the technology to track the
person’s location by just typing their phone number into a
computer portal and then through this portal they can collect
information from the location database maintained by the cellular
networks. In this way, they track person’s locations through the
cell tower [14]. It is still not known which government has got
these kind of tracking system. It is illegal in most countries to keep
track of people data without their consent.
VII. PRECAUTIONS FOR SAFE APP USE
To avoid exploitation of your privacy, when you are
downloading apps just make sure that you are using legitimate
sources for downloading apps such as Google Play store. So the
malware could not steal your private information on your device.
Before downloading any app from the app store, first read the
reviews about app which are already given by different users and
make sure that the app developer is legitimate. Also read privacy
policy and first understand them that what kind of permissions that
app is asking for.
If you are concerned about how much personal data is
gathered by the app and that some specific app is asking for too
much permission that could affect your privacy just uninstall the
app to protect your data [15].
VIII. CONCLUSIONS
In this paper, we have discussed privacy issues on android
devices. Anything you store on your smartphone is at risk of being
compromised. Users are now offered tools and controls to manage
and adjust their privacy settings. These developments are driven
partly by legislation, partly by an increasing user awareness of
privacy, but to a large degree by the self-interest of services
providers. Apps can read users information, when the user try to
install app, he agrees with all the terms and conditions, which the
app required for installation and then without the user knowledge,
that specific app can have all the information of the person. We
have also took some apps from the google play store and did their
mapping with the permissions they need to access for installing
using Android.
ACKNOWLEDGMENT
This research is supported by the Employment Based
Postgraduate Program of the Irish Research Council (IRC) and
partially funded under the SFI Strategic Partnership Program by
Science Foundation Ireland (SFI) and FotoNation Ltd. Project ID:
13/SPP/I2868 on Next Generation Imaging for Smartphone and
Embedded Platforms."
REFERENCES
[1] Sufatrio, D. Tan, T. Chua and V. Thing, “Securing Android: A
Survey, Taxonomy and Challenges” Institute for Infocomm
Research, Singapore, ACM Comput. Surv. 47, 4, Article 58 May
2015.
View publication stats
[2] www.pcmag.com/article2/0,2817,2384363,00.asp
[3] https://developer.android.com/guide/topics/security/permissions.ht
ml
[4] A. Kelec, D. Vukovic, “ Privacy Threats on Android Devices: Big
Brother is watching you”, 23rd Telecommunications forum
TELFOR 2015, November 24-26, 2015.
[5] https://www.aclu.org/blog/keeping-government-out-yoursmartphone
[6] Christoph Stach,” How to Assure Privacy on Android Phones and
Devices?,” 14th IEEE International Conference on Mobile Data
Management 2013.
[7] W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri,” A Study of
Android Application Security”, Systems and Internet Infrastructure
Security Laboratory.
[8] P. Corcoran, “The Internet of Things: Why now, and what? s next?,”
Consum. Electron. Mag. IEEE, 2016 [Online]. Available:
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7353271.
[Accessed: 30-Dec-2015]
[9] R. L. Finn, D. Wright, and M. Friedewald, “Seven types of privacy,”
in European Data Protection: Coming of Age, 2013, pp. 3–32.
[10] Facebook’s phonebook fiasco, IT WORLD (Aug. 11, 2011), at
http://www.itworld.com/it managementstrategy/192399/facebooksphonebookfiasco (describing the Facebook syncing feature).
[11] Chloe Albanesius, 18 Firms Sued Over App Privacy, Including
Apple, Twitter, Facebook, PCMAG.COM (Mar. 15, 2012), at
http://www.pcmag.com/article2/0,2817,2401625,00.asp.
[12] B. Krishnamurthy, C. Wills, “On the Leakage of Personally
Identifiable Information Via Online Social Networks” AT&T Labs
– Research Florham Park, NJ USA.
[13] http://www.computerworld.com/article/2509878/dataprivacy/smartphone-apps--is-your-privacy-protected-.html
[14] https://www.washingtonpost.com/business/technology/for-salesystems-that-can-secretly-track-where-cellphone-users-go-aroundthe-globe/2014/08/24/f0700e8a-f003-11e3-bf76447a5df6411f_story.html
[15] http://www.telegraph.co.uk/technology/internetsecurity/11850817/
WhatsApp-security-breach-lets-hackers-target-web-app-users.html