Abstract — Usage behaviors of different smartphone apps capture different views of an individual’s life, and are largely independent of each other. However, in the current mobile app ecosystem, a curious party can covertly link and aggregate usage behaviors of the same user across different apps. We refer to this as unregulated aggregation of app-usage behaviors. In this paper, we present a fresh perspective of unregulated aggregation, focusing on monitoring, characterizing and reducing the underlying linkability across apps. The cornerstone of our study is the Dynamic Linkability Graph (DLG) which tracks app-level linkability during runtime. We observed how DLG evolves on real-world users and identified real-world evidence of apps abusing IPCs and OS-level identifying information to establish linkability. Based on these observations, we propose a linkability-aware extension to current mobile operating systems, called LinkDroid,which provides runtime monitoring and mediation of linkability across different apps. LinkDroid is a client-side solution and compatible with the existing smartphone ecosystem. It helps end-users “sense” this emerging threat and provides them intuitive opt-out options.
Faculty: Kang G. Shin
Current Students: Huan Feng, Kassem Fawaz
Mobile users run apps for various purposes, and exhibit very different or even unrelated behaviors in running different apps. For example, a user may expose his chatting history to WhatsApp, mobility traces to Maps, and political interests to CNN. Information about a single user, therefore, is scattered across different apps and each app acquires only a partial view of the user. Ideally, these views should remain as ‘isolated islands of information’ confined within each of the different apps. In practice, however, once the users’ behavioral information is at the hands of the apps, it may be shared or leaked in an arbitrary way without the users’ control or consent. This makes it possible for a curious adversary to aggregate usage behaviors of the same user across multiple apps without his knowledge and consent, which we refer to as unregulated aggregation of app-usage behaviors.
Dynamic Linkability Graph (DLG)
We model linkability across different apps on the same device as an undirected graph, which is called the Dynamic Linkability Graph (DLG). Nodes in DLG represent apps and edges represent linkability introduced by different contributing sources. DLG monitors the linkability during runtime by tracking the apps’ access to various OS-level information and IPC channels. An edge exists between two apps if they accessed the same identifying information or engaged in an IPC. The following graph gives an illustrative example of the DLG.
LinkDroid: A Practical Countermeasure
Based on our observation and findings on linkability across real-world apps, we propose a practical countermeasure, LinkDroid, on top of DLG. LinkDroid adds a new dimension to access control on smartphone devices. Unlike existing approaches that check if some app behavior poses direct privacy threats, LinkDroid warns users about how it implicitly builds the linkability across apps. This helps users reduce unnecessary links introduced by abusing OS-level information and IPCs, which happens frequently in reality as our measurement study indicated.
The work reported in this paper was supported in part by the NSF under grants 0905143 and 1114837, and the ARO under W811NF-12-1-0530.
- Huan Feng, Kassem Fawaz, and Kang G. Shin, LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors, The 24th USENIX Security Symposium (Sec ‘15), August 12-14, 2015, Washington, D.C., USA. pdf