Popis: |
Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a "curious" application can prey on data stored in Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking but, possibly, "curious" applications. |