Abstract / Description of output
China is currently the country with the largest number of Android smartphone users. We use a combination of static and dynamic code analysis techniques to study the data transmitted by the preinstalled system apps on Android smartphones from three of the most popular vendors in China. We find that an alarming number of preinstalled system, vendor and third-party apps are granted dangerous privileges. Through traffic analysis, we find these packages transmit to many third-party domains privacy sensitive information related to the user's device (persistent identifiers), geolocation (GPS coordinates, network-related identifiers), user profile (phone number, app usage) and social relationships (e.g., call history), without consent or even notification. This poses serious deanonymization and tracking risks that extend outside China when the user leaves the country, and calls for a more rigorous enforcement of the recently adopted data privacy legislation.
Original language | English |
---|---|
Title of host publication | Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks |
Publisher | ACM Association for Computing Machinery |
Pages | 31-42 |
Number of pages | 12 |
ISBN (Electronic) | 9781450398596 |
Publication status | Published - 28 Jun 2023 |
Event | The 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks - Duration: 29 May 2023 → 1 Jun 2023 |
Conference
Conference | The 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks |
---|---|
Abbreviated title | ACM WiSec 2023 |
Period | 29/05/23 → 1/06/23 |
Keywords / Materials (for Non-textual outputs)
- Android OS privacy
- China firmware
- PII leakage