AndroTIME: Identifying Timing Side Channels in the Android API

Gerald Palfinger*, Bernd Prünster, Dominik Ziegler

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

The permission system of Android has continuously evolved to better guard the privacy of users. New permissions have been introduced and existing methods which were abused now require a permission or have been entirely removed. Retrieving private data about users without their consent is thus getting continuously harder for applications.
In this paper, we systematically analyse how timing-based side channels in the Android API can be used to circumvent this tight permission system. We introduce AndroTIME, a framework to automatically detect such side channels in the Android API. Using this automated approach, we were able to identify several new timing-based side-channel leaks in Android 10 and Android 11. The detected side channels enable querying for installed applications, active accounts, files, and browser logins. The leaked information could be used to fingerprint users, detect secret user habits, or even infer a concrete user identity.
Original language: English
Title of host publication: Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Editors: Guojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
Place of Publication: China
Pages: 1849-1856
Number of pages: 8
ISBN (Electronic): 9781665403924
Publication status: Published - 2021
Event: 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications: TrustCom 2020 - Guangdong Hotel, Hybrid Event, Guangzhou, China
Duration: 29 Dec 2020 to 1 Jan 2021
http://ieee-trustcom.org/TrustCom2020/

Conference

Conference: 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Abbreviated title: IEEE TrustCom 2020
Country/Territory: China
City: Hybrid Event, Guangzhou
Period: 29/12/20 to 1/01/21

  • A-SIT - Secure Information Technology Center Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.

    21/05/99 to 6/08/20

    Project: Research area
