Security and Privacy of New Features on Smartphones

Open Access
Xu, Zhi
Graduate Program:
Computer Science and Engineering
Doctor of Philosophy
Document Type:
Date of Defense:
September 25, 2012
Committee Members:
  • Sencun Zhu, Dissertation Advisor
  • Sencun Zhu, Committee Chair
  • Guohong Cao, Committee Member
  • Tom La Porta, Committee Member
  • Dennis Kon Jin Lin, Committee Member
Keywords:
  • phone sensing
  • notification services
  • sensor management
  • security and privacy in phone
  • trojan application
  • spam and phishing
Smartphones have become an indispensable part of our daily lives. Thanks to advances in both hardware and software, modern smartphones provide innovative features to third-party applications (a.k.a. apps) running on their platforms. These features, including various onboard sensors and notification services, have been widely adopted by third-party applications: they allow developers to build innovative apps and greatly improve the interactive experience for phone users. As these features and the services they provide become more and more popular, concerns are raised about whether they might introduce security vulnerabilities to the smartphone or leak phone users' private information. Because these features are newly introduced and never appeared on earlier feature phones (dumbphones), they have barely been studied from the perspective of security and privacy in the prior literature. In this dissertation, we present our studies of two types of popular smartphone features: onboard sensors (and the sensor services they provide) and notification services. For each feature, we present our studies from both the attack side (i.e., exploring attack approaches against phone users that utilize the feature) and the defense side (i.e., proposing designs and solutions to prevent potential feature-based attacks).

For the onboard sensors, we present a study of inferring a user's tap inputs on a smartphone from its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the device movements and gesture changes of a smartphone using its onboard motion sensors. While the user is interacting with the trojan application, it learns the motion-change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learned patterns to infer both the occurrences of tap events on the touchscreen and the tapped positions. To manage the onboard sensors and prevent sensor-based attacks, we propose a privacy-aware sensor management framework, called SemaDroid, which extends the existing sensor management framework on Android to provide comprehensive and fine-grained access control over onboard sensors. SemaDroid allows the smartphone user to know the sensor usage of every installed application, to specify context-aware and quality-of-sensing-based access control policies, and to enforce those policies in real time. Further, considering the trade-off between the functionality of installed third-party applications and the privacy of users, SemaDroid provides a privacy bargain feature that allows users to control the disclosure of sensing information while keeping the application running.

For the notification service, we show that notification customization may allow an installed trojan application to launch phishing attacks or to anonymously post spam notifications. Through our studies of four major smartphone platforms, we show that both Android and BlackBerry OS are vulnerable to phishing and spam notification attacks. iOS and Windows Phone allow little notification customization, so launching phishing and spam attacks on them would expose the identity of the trojan application. Our notification service studies point out an important vulnerability of the existing view-based smartphone platforms: the lack of view authentication. To prevent users from being tricked by phishing notifications and to locate the malware application spreading phishing and spam notifications, while still allowing notification customization, we propose a Semi-OS-Controlled notification view design principle and a Notification Logging service. Moreover, to protect applications from fraudulent views, we propose a view authentication framework, named SecureView, which enables third-party applications to add an authentication image and text to their sensitive views (e.g., the account login view). The design, implementation, demonstration, and evaluation of the proposed attack and defense approaches are elaborated in the dissertation.
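As an added illustration, not code from SemaDroid or this dissertation, the following Python model shows the kind of policy decision the abstract attributes to SemaDroid: per-app, per-sensor rules keyed on the current context, a quality-of-sensing degradation standing in for the privacy bargain (the app keeps running but motion readings are coarsened while a password field is in use), and a usage log the user can inspect. The app names, sensor names, context labels and quantization step are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Quality-of-sensing levels, most to least permissive (assumed names).
FULL, COARSE, BLOCK = "full", "coarse", "block"


@dataclass
class SensorPolicy:
    """User-specified rule: the quality `app` receives from `sensor` per context."""
    app: str
    sensor: str
    default: str = FULL
    by_context: dict = field(default_factory=dict)   # context label -> quality


def quantize(value, step):
    """Round a reading to a grid of `step`. Coarse data keeps a motion-controlled
    game usable but removes the fine vibration detail that tap inference needs."""
    return round(value / step) * step


class SensorManager:
    """Mediates every sensor delivery and records it for the user's review."""

    def __init__(self, policies, coarse_step=1.0):
        self.policies = {(p.app, p.sensor): p for p in policies}
        self.coarse_step = coarse_step
        self.usage_log = []                  # (app, sensor, context, quality)

    def decide(self, app, sensor, context):
        policy = self.policies.get((app, sensor))
        if policy is None:
            return FULL                      # no user rule: default-allow, as on stock Android
        return policy.by_context.get(context, policy.default)

    def deliver(self, app, sensor, sample, context):
        quality = self.decide(app, sensor, context)
        self.usage_log.append((app, sensor, context, quality))
        if quality == BLOCK:
            return None                      # app keeps running, receives no reading
        if quality == COARSE:
            return tuple(quantize(v, self.coarse_step) for v in sample)
        return sample

    def usage_report(self, app):
        """Per-sensor delivery counts by quality: what the user sees for one app."""
        report = {}
        for a, sensor, _ctx, quality in self.usage_log:
            if a == app:
                report.setdefault(sensor, {}).setdefault(quality, 0)
                report[sensor][quality] += 1
        return report


# Constructed scenario: a game gets full accelerometer data normally, but only
# coarse accelerometer data and no gyroscope data while a password field is focused.
POLICIES = [
    SensorPolicy("com.example.game", "accelerometer", by_context={"sensitive_input": COARSE}),
    SensorPolicy("com.example.game", "gyroscope", by_context={"sensitive_input": BLOCK}),
]
```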