Abstract: Smartwatches and wearable technology have proliferated
in recent years, featuring seamless integration with
a paired smartphone. Many mobile applications now come
with a companion app that the mobile OS deploys on the
wearable. These execution environments expand the context
of mobile applications across more than one device, introducing new security and privacy issues. One such issue is that
current information flow analysis techniques cannot capture
communication between devices. This can lead to undetected
privacy leaks when developers use these channels. In this
paper, we present WearFlow, a framework that uses static
analysis to detect sensitive data flows across mobile and wearable companion apps in Android. WearFlow augments taint
analysis capabilities to enable inter-device analysis of apps.
WearFlow models proprietary libraries embedded in Google
Play Services and instruments the mobile and wearable app
to allow for a precise information flow analysis between them.
We evaluate WearFlow on a test suite purposely designed to
cover different mobile-wear communication scenarios,
which we release as Wear-Bench. We also run WearFlow on
3K+ real-world apps and discover privacy violations in popular apps (10M+ downloads).