research-article

CamForensics: Understanding Visual Privacy Leaks in the Wild

Authors:

Animesh Srivastava,

Soteris Demetriou,

Kyu-Han KimAuthors Info & Claims

SenSys '17: Proceedings of the 15th ACM Conference on Embedded Network Sensor Systems

Article No.: 30, Pages 1 - 13

https://doi.org/10.1145/3131672.3131683

Published: 06 November 2017 Publication History

Abstract

Many mobile apps, including augmented-reality games, bar-code readers, and document scanners, digitize information from the physical world by applying computer-vision algorithms to live camera data. However, because camera permissions for existing mobile operating systems are coarse (i.e., an app may access a camera's entire view or none of it), users are vulnerable to visual privacy leaks. An app violates visual privacy if it extracts information from camera data in unexpected ways. For example, a user might be surprised to find that an augmented-reality makeup app extracts text from the camera's view in addition to detecting faces. This paper presents results from the first large-scale study of visual privacy leaks in the wild. We build CamForensics to identify the kind of information that apps extract from camera data. Our extensive user surveys determine what kind of information users expected an app to extract. Finally, our results show that camera apps frequently defy users' expectations based on their descriptions.

References

[1]

Paarijaat Aditya, Rijurekha Sen, Seong Joon Oh, Rodrigo Benenson, Bobby Bhattacharjee, Peter Druschel, Tong Tong Wu, Mario Fritz, and Bernt Schiele. 2016. I-Pic: A Platform for Privacy-Compliant Image Capture (MobiSys).

Digital Library

[2]

Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupé, Mario Polino, Paulo de Geus, Christopher Kruegel, and Giovanni Vigna. 2016. Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS).

[3]

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Notices 49, 6 (2014), 259--269.

Digital Library

[4]

Kai Chen, Peng Liu, and Yingjun Zhang. 2014. Achieving accuracy and scalability simultaneously in detecting application clones on android markets. In Proceedings of the 36th International Conference on Software Engineering. ACM, 175--186.

Digital Library

[5]

Jonathan Crussell, Clint Gibler, and Hao Chen. 2013. Andarwin: Scalable detection of semantically similar android applications. In European Symposium on Research in Computer Security. Springer, 182--199.

[6]

Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, and Carl A Gunter. 2016. Free for all! assessing user data exposure to advertising libraries on android. In NDSS.

[7]

William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N Sheth. 2014. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS) 32, 2 (2014), 5.

Digital Library

[8]

Miro Enev, Jaeyeon Jung, Liefeng Bo, Xiaofeng Ren, and Tadayoshi Kohno. 2012. SensorSift: Balancing Sensor Data Privacy and Utility in Automated Face Understanding (ACSAC).

Digital Library

[9]

Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. 2011. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security. ACM, 627--638.

Digital Library

[10]

Adam P Fuchs, Avik Chaudhuri, and Jeffrey S Foster. 2009. Scandroid: Automated security certification of android. (2009).

[11]

Michael C Grace, Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. 2012. Unsafe exposure analysis of mobile in-app advertisements. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM, 101--112.

Digital Library

[12]

Google Play Store in Numbers. 2016. https://techflow.me/2014/03/05/my-project-google-play-store-in-numbers/. (2016). {Online; accessed 3-Dec-2016}.

[13]

Suman Jana, David Molnar, Alexander Moshchuk, Alan Dunn, Benjamin Livshits, Helen J. Wang, and Eyal Ofek. 2013. Enabling Fine-Grained Permissions for Augmented Reality Applications With Recognizers. In USENIX Security.

Digital Library

[14]

Suman Jana, Arvind Narayanan, and Vitaly Shmatikov. 2013. A Scanner Darkly: Protecting User Privacy from Perceptual Applications. In S & P.

Digital Library

[15]

Yoon Kim. 2014. Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 (2014).

[16]

Patrick Klinkoff, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2007. Extending. NET security to unmanaged code. International Journal of Information Security 6, 6 (2007), 417--428.

Digital Library

[17]

P Lantz, A Desnos, and K Yang. 2016. DroidBox: Android application sandbox. https://github.com/pjlantz/droidbox. (2016). {Online; accessed 4-Dec-2016}.

[18]

Bin Liu, Bin Liu, Hongxia Jin, and Ramesh Govindan. 2015. Efficient privilege de-escalation for ad libraries in mobile apps. In Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 89--103.

Digital Library

[19]

Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: building customized program analysis tools with dynamic instrumentation. In Acm sigplan notices, Vol. 40. ACM, 190--200.

Digital Library

[20]

Ziang Ma, Haoyu Wang, Yao Guo, and Xiangqun Chen. 2016. LibRadar: fast and accurate detection of third-party libraries in Android apps. In Proceedings of the 38th International Conference on Software Engineering Companion. ACM, 653--656.

Digital Library

[21]

Tomas Mikolov, Ilya Sutskever, Kai Chen, Greg S Corrado, and Jeff Dean. 2013. Distributed representations of words and phrases and their compositionality. In Advances in neural information processing systems. 3111--3119.

Digital Library

[22]

Annamalai Narayanan, Lihui Chen, and Chee Keong Chan. 2014. AdDetect: Automated detection of Android ad libraries using semantic analysis. In Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2014 IEEE Ninth International Conference on. IEEE, 1--6.

[23]

Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. 2013. Whyper: Towards automating risk assessment of mobile applications. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). 527--542.

Digital Library

[24]

Nisarg Raval, Animesh Srivastava, Ali Razeen, Kiron Lebeck, Ashwin Machanavajjhala, and Lanodn P. Cox. 2016. What You Mark is What Apps See (MobiSys).

Digital Library

[25]

Joseph Siefers, Gang Tan, and Greg Morrisett. 2010. Robusta: Taming the native beast of the JVM. In Proceedings of the 17th ACM conference on Computer and communications security. ACM, 201--211.

Digital Library

[26]

2016 Q2 Smartphone OS Market Share. 2016. http://www.idc.com/prodserv/smartphone-os-market-share.jsp. (2016). {Online; accessed 3-Dec-2016}.

[27]

Mengtao Sun and Gang Tan. 2014. NativeGuard: Protecting android applications from third-party native libraries. In Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks. ACM, 165--176.

Digital Library

[28]

A tool for reverse engineering Android apk files. 2016. https://ibotpeaches.github.io/Apktool/. (2016). {Online; accessed 3-Dec-2016}.

[29]

Nicolas Viennot, Edward Garcia, and Jason Nieh. 2014. A measurement study of google play. In ACM SIGMETRICS Performance Evaluation Review, Vol. 42. ACM, 221--233.

Digital Library

[30]

Robert Wahbe, Steven Lucco, Thomas E Anderson, and Susan L Graham. 1994. Efficient software-based fault isolation. In ACM SIGOPS Operating Systems Review, Vol. 27. ACM, 203--216.

Digital Library

[31]

Haoyu Wang, Yao Guo, Ziang Ma, and Xiangqun Chen. 2015. Wukong: A scalable and accurate two-phase approach to android app clone detection. In Proceedings of the 2015 International Symposium on Software Testing and Analysis. ACM, 71--82.

Digital Library

[32]

Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner, and Konstantin Beznosov. 2015. Android permissions remystified: A field study on contextual integrity. In 24th USENIX Security Symposium (USENIX Security 15). 499--514.

Digital Library

[33]

Zhenlong Yuan, Yongqiang Lu, Zhaoguo Wang, and Yibo Xue. 2014. Droidsec: Deep learning in android malware detection. In ACM SIGCOMM Computer Communication Review, Vol. 44. ACM, 371--372.

Digital Library

[34]

Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. 2012. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In NDSS, Vol. 25. 50--52.

Cited By

Venugopalan HDin ZCarpenter TLowe-Power JKing SShafiq Z(2024)AragornProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36314067:4(1-31)Online publication date: 12-Jan-2024
https://dl.acm.org/doi/10.1145/3631406
Kim YGoutam SRahmati AKaufman ACalandrino JTroncoso C(2023)ErebusProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620290(929-946)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620290
Liu CZhu TZhang JZhou W(2022)Privacy Intelligence: A Survey on Image Privacy in Online Social NetworksACM Computing Surveys10.1145/354729955:8(1-35)Online publication date: 23-Dec-2022
https://dl.acm.org/doi/10.1145/3547299
Show More Cited By

Index Terms

CamForensics: Understanding Visual Privacy Leaks in the Wild
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security
      1. Mobile platform security

Recommendations

An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide Web

With the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Android: Changing the Mobile Landscape

The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
SecuRank: Starving Permission-Hungry Apps Using Contextual Permission Analysis
SPSM '16: Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices

Competition among app developers has caused app stores to be permeated with many groups of general-purpose apps that are functionally-similar. Examples are the many flashlight or alarm clock apps to choose from. Within groups of functionally-similar ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SenSys '17: Proceedings of the 15th ACM Conference on Embedded Network Sensor Systems

November 2017

490 pages

ISBN:9781450354592

DOI:10.1145/3131672

Editor:
Rasit Eskicioglu
University of Manitoba, Canada

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

SenSys '17

Sponsor:

SenSys '17: The 15th ACM Conference on Embedded Network Sensor Systems

November 6 - 8, 2017

Delft, Netherlands

Acceptance Rates

Overall Acceptance Rate 174 of 867 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
356
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)3

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Venugopalan HDin ZCarpenter TLowe-Power JKing SShafiq Z(2024)AragornProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36314067:4(1-31)Online publication date: 12-Jan-2024
https://dl.acm.org/doi/10.1145/3631406
Kim YGoutam SRahmati AKaufman ACalandrino JTroncoso C(2023)ErebusProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620290(929-946)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620290
Liu CZhu TZhang JZhou W(2022)Privacy Intelligence: A Survey on Image Privacy in Online Social NetworksACM Computing Surveys10.1145/354729955:8(1-35)Online publication date: 23-Dec-2022
https://dl.acm.org/doi/10.1145/3547299
Lehman SAlrumayh AKolhe KLing HTan C(2022)Hidden in Plain Sight: Exploring Privacy Risks of Mobile Augmented Reality ApplicationsACM Transactions on Privacy and Security10.1145/352402025:4(1-35)Online publication date: 9-Jul-2022
https://dl.acm.org/doi/10.1145/3524020
Hajihassnai OArdakanian OKhazaei H(2021)ObscureNetProceedings of the International Conference on Internet-of-Things Design and Implementation10.1145/3450268.3453534(40-52)Online publication date: 18-May-2021
https://dl.acm.org/doi/10.1145/3450268.3453534
Nguyen Canh TNagahara H(2019)Deep Compressive Sensing for Visual Privacy Protection in FlatCam Imaging2019 IEEE/CVF International Conference on Computer Vision Workshop (ICCVW)10.1109/ICCVW.2019.00492(3978-3986)Online publication date: Oct-2019
https://doi.org/10.1109/ICCVW.2019.00492
Pan ERen JLindorfer MWilson CChoffnes D(2018)Panoptispy: Characterizing Audio and Video Exfiltration from Android ApplicationsProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00302018:4(33-50)Online publication date: 29-Aug-2018
https://doi.org/10.1515/popets-2018-0030
Chandrashekhara SKi TDantu KKo S(2018)System-EProceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services10.1145/3210240.3211111(539-539)Online publication date: 10-Jun-2018
https://dl.acm.org/doi/10.1145/3210240.3211111

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents