A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps

  • Conference paper
E-Democracy – Safeguarding Democracy and Human Rights in the Digital Age (e-Democracy 2019)

Abstract

The unrestricted, open-source nature of the Android application market has made it a popular platform for third-party applications, reaching millions of smart devices worldwide. This tremendous increase in applications, combined with an extensive API that includes access to phone hardware, settings, and user data, raises concerns regarding users' privacy, as the information collected by the apps could be used for profiling purposes. In this respect, this paper focuses on geolocation data and analyses five GPS applications to identify the privacy risks that arise if no appropriate safeguards are present. Our results show that GPS navigation apps have access to several types of device data, and that they may allow personal data to leak to third parties, such as library providers or tracking services, without providing adequate or precise information to the users. Moreover, because they use third-party libraries, they suffer from the intra-library collusion issue, which could be exploited by advertising and analytics companies through apps to gather large amounts of personal information without the explicit consent of the user.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 786698. The work reflects only the authors’ view and the Agency is not responsible for any use that may be made of the information it contains.

Notes

  1. https://www.haystack.mobi/

  2. https://repo.xposed.info

  3. https://mobilesecuritywiki.com/

  4. https://developer.android.com/about/dashboards

Acknowledgment

The authors would like to thank Narseo Vallina-Rodriguez from the International Computer Science Institute (ICSI) in Berkeley for providing useful explanation on the Lumen tool’s monitoring process, as well as the anonymous reviewers for their useful comments and suggestions.

Corresponding author

Correspondence to Konstantinos Limniotis.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Monogios, S., Limniotis, K., Kolokotronis, N., Shiaeles, S. (2020). A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps. In: Katsikas, S., Zorkadis, V. (eds) E-Democracy – Safeguarding Democracy and Human Rights in the Digital Age. e-Democracy 2019. Communications in Computer and Information Science, vol 1111. Springer, Cham. https://doi.org/10.1007/978-3-030-37545-4_3

  • DOI: https://doi.org/10.1007/978-3-030-37545-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37544-7

  • Online ISBN: 978-3-030-37545-4

  • eBook Packages: Computer Science, Computer Science (R0)
