NESL Technical Report #: 2013-12-1
Abstract: Smartphones are used to collect and often share personal data with untrustworthy third-party apps, leading to data misuse and privacy violations. To mitigate privacy threats, Android enforces explicit user permissions for a select set of privacy-prone resources. However, recent research has demonstrated both the inadequacy of this binary access control of resources and the vulnerability of drawing private inferences using combinations of so-called innocuous sensors. We present ipShield, a framework that provides users with greater control over their resources at runtime. ipShield monitors every sensor used by an app and uses this information to perform a privacy risk assessment. In an effort to establish a user-understandable privacy abstraction, the risks are conveyed to the user as a list of possible inferences. Based on user-defined lists of allowed and private inferences, a recommendation of possible privacy actions, in the form of which sensors to enable and which to disable, is generated. Finally, the user is provided with an option to override the generated actions and manually configure context-aware fine-grained privacy rules with actions such as data suppression, noise addition and faking of data streams. We implemented ipShield by modifying AOSP and tested it on a Nexus 4 phone. Our evaluations using computation-intensive apps requiring continuous sensor data indicate that ipShield incurs negligible CPU and memory overhead and only a small reduction in battery life. We perform case studies with multiple apps to show the applicability of ipShield under various scenarios.
Publication Forum: USENIX NSDI 2014
NESL Document?: Yes
Document category: Conference Paper