CISPA

AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service

conference contribution
posted on 2023-11-29, 18:09 authored by Mohammad Naseri, Nataniel Pereira Borges Jr., Andreas Zeller, Romain Rouvoy
To support users with disabilities, Android provides the accessibility services, which implement means of navigating through an app. According to the Android developer’s guide: "Accessibility services should only be used to assist users with disabilities in using Android devices and apps". However, developers are free to use this service without any restrictions, giving them critical privileges such as monitoring user input or screen content to capture sensitive information. In this paper, we show that simply enabling the accessibility service leaves 72 % of the top finance and 80 % of the top social media apps vulnerable to eavesdropping attacks, leaking sensitive information such as logins and passwords. A combination of several tools and recommendations could mitigate the privacy risks: We introduce an analysis technique that detects most of these issues automatically, e.g. in an app store. We also found that these issues can be automatically fixed in almost all cases; our fixes have been accepted by 70 % of the surveyed developers. Finally, we designed a notification mechanism which would warn users against possible misuses of the accessibility services; 50 % of users would follow these notifications.

Preferred Citation

Mohammad Naseri, Nataniel Jr., Andreas Zeller and Romain Rouvoy. AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service. In: Privacy Enhancing Technologies Symposium (PETS). 2019.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Privacy Enhancing Technologies Symposium (PETS)

Legacy Posted Date

2019-02-28

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_2804,
  title = "AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service",
  author = "Naseri, Mohammad and Jr., Nataniel Pereira Borges and Zeller, Andreas and Rouvoy, Romain",
  booktitle = "{Privacy Enhancing Technologies Symposium (PETS)}",
  year = "2019",
}
