Abstract: Wearable apps, specifically smartwatch apps, require permissions to access sensors, user profiles, and the Internet. These permissions, although not crucial for many mobile apps, are essential for health and fitness apps, as well as other wearable apps, to work efficiently. Access to data on wearable devices enables malicious apps to extract personal user information. Moreover, benevolent apps can be utilized by attackers if they send private information insecurely. Many studies have examined privacy issues in smartphone apps, but very little has been done to identify and evaluate these issues in wearable smartwatch apps. Since wearable apps can reside on the phone, on the watch, or on both, with all devices capable of accessing the Internet directly, a different dimension to information leakage is presented due to the diverse ways in which these devices collect, store and transmit data. This study classifies and analyzes information leakage in wearable smartwatch apps and examines the exposure of personal information using both static and dynamic approaches. Based on data collected from thousands of wearable applications, we show that standalone wearable apps leak less information compared to companion apps; the majority of data leaks exist in tracking services such as analytics and ad network libraries.