posted on 2023-11-29, 18:09authored byMohammad Naseri, Nataniel Pereira Borges Jr., Andreas ZellerAndreas Zeller, Romain Rouvoy
To support users with disabilities, Android
provides the accessibility services, which implement
means of navigating through an app. According to the
Android developer’s guide: "Accessibility services should
only be used to assist users with disabilities in using
Android devices and apps". However, developers are
free to use this service without any restrictions, giving
them critical privileges such as monitoring user input
or screen content to capture sensitive information. In
this paper, we show that simply enabling the accessibility service leaves 72 % of the top finance and 80 %
of the top social media apps vulnerable to eavesdropping attacks, leaking sensitive information such as logins and passwords. A combination of several tools and
recommendations could mitigate the privacy risks: We
introduce an analysis technique that detects most of
these issues automatically, e.g. in an app store. We also
found that these issues can be automatically fixed in almost all cases; our fixes have been accepted by 70 % of
the surveyed developers. Finally, we designed a notification mechanism which would warn users against possible
misuses of the accessibility services; 50 % of users would
follow these notifications.
History
Preferred Citation
Mohammad Naseri, Nataniel Jr., Andreas Zeller and Romain Rouvoy. AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service. In: Privacy Enhancing Technologies Symposium (PETS). 2019.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
Privacy Enhancing Technologies Symposium (PETS)
Legacy Posted Date
2019-02-28
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_2804,
title = "AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service",
author = "Naseri, Mohammad and Jr., Nataniel Pereira Borges and Zeller, Andreas and Rouvoy, Romain",
booktitle="{Privacy Enhancing Technologies Symposium (PETS)}",
year="2019",
}