senDroid: Auditing Sensor Access in Android System-wide
IEEE Transactions on Dependable and Secure Computing (IF 7.3), Pub Date: 2020-03-01, DOI: 10.1109/tdsc.2017.2768536
Weili Han, Chang Cao, Hao Chen, Dong Li, Zheran Fang, Wenyuan Xu, X. Sean Wang

Sensors are widely used in modern mobile devices (e.g., smartphones, watches) and may gather abundant information from environments as well as about users, e.g., photos, sounds and locations. The rich set of sensor data enables various applications (e.g., health monitoring) as well as personalized apps. However, these powerful sensing abilities give attackers opportunities to steal both personal sensitive data and commercial secrets like never before. Unfortunately, the current design of smart devices provides only coarse access control on sensors and does not have the capability to audit sensing. We argue that knowing how often the sensors are accessed and how much sensor data is collected is the first line of defense against sensor data breaches. Such an ability is yet to be designed. In this paper, we propose a framework that allows users to learn how sensor data is used. In particular, we leverage a hook-based tracking method to track sensor accesses. Thus, with no need to change the source code of the Android system or of applications, we can intercept sensing operations on graphic sensors, audio sensors, location sensors, and standard sensors, and audit them from four aspects: flow audit, frequency audit, duration audit and invoker audit. We then implement a prototype, referred to as senDroid, which visually shows the quantitative usage of these sensors in real time at a performance overhead of [0.04–8.05] percent. senDroid allows Android users to audit applications even when they bypass the Android framework via JNI invocations or when malicious code is dynamically loaded from the server side. Our empirical study on 1,489 popular apps in three well-known Android app markets shows that 26.32 percent of apps access sensors when they are launched, and 11.01 percent of apps access sensors while they run in the background. Furthermore, we analyze the relevance between sensor usage patterns and third-party libraries, and reverse engineering of suspicious third-party libraries shows that 77.27 percent of apps access sensors via third-party libraries. Our results call attention to the need to address users' privacy concerns caused by sensor access.

Updated: 2020-03-01