14-829: Mobile and IoT Security

14-829 / 18-638: Mobile and IoT Security - Fall 2018



Assignment #2 - Permissions, Personal Privacy, and Data Analytics

Due: October 9, 2018

Description: Unlike the previous assignment that asked you to steal the user's data, this assignment asks you to focus on learning about the user's activities, through context and user behavior measurements. The tasks are complicated by blocking the explicit use of certain permissions. Instead, you'll need to exfiltrate any information you can get about the relevant context, user, and behavioral data, then analyze this information offline using any other information available that may allow you to learn interesting things about the target user. In addition, you will build knowledge of the trade-offs between risk and value of certain types of mobile data and how users may perceive this risk.

Tasks:
  1. Develop an exfiltration app with value to the user - Write an app that collects relevant data about user context, activity, and behavior from the device without being detected or suspected by the user. Collect as much information as possible that will help you learn the location, behavior, and other useful information about the user, subject to the allowed permissions. Your app should appear to have some valuable functionality (e.g., a utility or game of some sort), but behind this functionality, it should send out all of the secretly collected information periodically (for example, once per minute), again without being suspected by the user.
    Constraints and Hints:
    • The only permissions allowed (either as manifest or equivalent runtime) are ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, and INTERNET.
    • Your app should be interesting enough that people would use it, but it doesn't need to be novel (if you mimic an existing app or use an open-source app, be sure to provide proper attribution).
    • The user must be unaware of the app's hidden activities, regardless of what it does. You can assume that the user does not check the task manager, logs, or network traffic.
    • The app must exfiltrate data without user interaction and regardless of app or screen state.
    • The app must work on all Android versions between 4.0 and 9 (inclusive).
    • You can assume there is an easy way to get your app onto the user's device, so don't worry about that problem.
    • Minimal UI is sufficient (this is a security assignment, not a dev assignment), as long as the quality and value of the analysis can be evaluated by the user.
  2. Track and map the user's location - Using the data exfiltrated from the user's device, create a data analysis and visualization tool to map the target user's location history. If needed, you can use Wifi location databases such as WiGLE.net or do a manual survey in areas you know the user frequents.
    Constraints and Hints:
    • Estimated location of the user should be plotted to a visual map (not on the user's device, but yours) in an understandable way.
    • Your location estimates don't need to be highly accurate, but they should be meaningful (e.g., room-level accuracy within buildings and on the order of 10s of meters outdoors).
    • You are allowed to collaborate with other students on the manual survey work, if needed, but no other tasks.
    • Be sure to create a mechanism for collecting ground truth data (outside the scope of the attack app and corresponding constraints), otherwise you won't know how accurate your results are.
  3. Learn something interesting about the user's behavior - As a malicious actor with access to the archive of exfiltrated data, come up with an interesting attack in which you extract some privacy-sensitive information about the user.
    Constraints and Hints:
    • For this task, your app can use additional permissions, as long as the permission is used explicitly for the user-facing part of the application. The data collected using this additional privilege cannot be used for the previous tasks.
    • The privacy-sensitive information that you learn should not be obvious, given the application and user context. For example, a fitness tracker should be able to know many physical details of the user, but it should not be able to learn the user's banking password.
    • More sensitive -> better.
    • Be creative.
  4. Study trade-offs between granularity and security - Downsample your data in a meaningful way and study if/how the attack degrades as the granularity of the reported data decreases. For example, what is the difference between collecting data at 1 Hz versus 0.1 Hz? Intuitively, when the app collects very fine-grained data, the value of the app and the success of the attack would both be high, but if the granularity of data is greatly reduced, both the app's value and the attack success would degrade. This task requires you to come up with criteria for evaluating both the app's value to the user and the success of the attack. If your app and attack are not affected by granularity, maybe make a more interesting app that is.
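An added example for Tasks 2 and 4 (not part of the handout): a Python evaluation harness that estimates position from Wi-Fi scans by an RSSI-weighted centroid against an AP database in local metres, then measures how a hold-last reconstruction of the user's track degrades as the report interval grows from 1 s to 10 s. The BSSIDs, AP coordinates and the ground-truth walk are constructed stand-ins for a WiGLE lookup and a separately collected truth log, and the path-loss exponent of 2 is an assumption.

```python
"""Added example for Tasks 2 and 4 (not part of the handout): estimate a location
track from Wi-Fi scans and measure how it degrades when fewer scans are reported.
AP positions and the ground-truth walk are constructed values in local metres."""
import math

# Constructed AP database: BSSID -> (x, y) in metres (hypothetical values).
AP_DB = {
    "aa:bb:cc:00:00:01": (0.0, 0.0),
    "aa:bb:cc:00:00:02": (30.0, 0.0),
    "aa:bb:cc:00:00:03": (0.0, 30.0),
    "aa:bb:cc:00:00:04": (30.0, 30.0),
}

def estimate_position(scan, ap_db=AP_DB):
    """Weighted centroid of the known APs in one scan, a list of (bssid, rssi_dbm).
    Under a log-distance path-loss model 10**(rssi/10) falls as 1/d**n, so it is
    used as an inverse-distance weight. Returns None if no BSSID is in the DB."""
    wsum = x = y = 0.0
    for bssid, rssi in scan:
        if bssid in ap_db:
            w = 10 ** (rssi / 10.0)
            x, y, wsum = x + w * ap_db[bssid][0], y + w * ap_db[bssid][1], wsum + w
    return (x / wsum, y / wsum) if wsum else None

def synthetic_scan(pos, ap_db=AP_DB):
    """Constructed scan at a true position: RSSI from a path-loss model with n=2
    (the truth track never coincides with an AP, so the distance is never 0)."""
    return [(b, -40.0 - 20.0 * math.log10(math.hypot(pos[0] - ax, pos[1] - ay)))
            for b, (ax, ay) in ap_db.items()]

def track_error(track, keep_every):
    """Mean error in metres of a hold-last-report reconstruction of the full-rate
    track when only every keep_every-th scan is reported. track: [(scan, truth)]."""
    errs, last = [], None
    for i, (scan, (tx, ty)) in enumerate(track):
        if i % keep_every == 0:                 # this scan was actually reported
            last = estimate_position(scan) or last
        if last is not None:
            errs.append(math.hypot(last[0] - tx, last[1] - ty))
    return sum(errs) / len(errs) if errs else float("inf")

# Constructed ground truth: a diagonal walk sampled at 1 Hz for 10 s.
TRACK = [(synthetic_scan((2.0 + 3 * t, 2.0 + 3 * t)), (2.0 + 3 * t, 2.0 + 3 * t))
         for t in range(10)]

if __name__ == "__main__":
    for k in (1, 2, 5, 10):     # 1 Hz down to 0.1 Hz, as in Task 4
        print(f"report every {k:2d} s: mean track error {track_error(TRACK, k):5.1f} m")
```

The same harness can be fed real scan logs and a real truth log once the AP table comes from a survey or WiGLE; comparing the error curve against the app's own usefulness at each rate is the trade-off Task 4 asks for.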
Deliverables: Each student will submit a written summary of their efforts for the above tasks. Your report should include:
  • Code snippets to highlight important features of the required tasks,
  • Examples of the types of data being recorded, analytics being done, and impact of reporting/sensing granularity,
  • Examples detailing how the attack works and the type of sensitive information exposed,
  • Details of how your design meets each of the given constraints,
  • Detailed step-by-step explanations of the relevant aspects of the app, analysis tools, and attack steps that demonstrate your understanding of what the code is doing and why it works the way it does.
The written summary should be formatted as a single-column document using font size 11 or greater, converted to a .pdf document for submission.

Submission Instructions: Each student should submit a .pdf version of their written summary via Canvas, using the format requested above. All students are expected to complete the assignment on their own; discussion about the assignment is allowed and encouraged, but all design, analysis, and writing tasks must be done individually (i.e., talking is allowed, but not sharing anything written) -- other than the manual mapping task if needed.

Grading: This assignment is worth 35 points: six (6) points for a detailed description of your app including both the user-facing and hidden functionalities, five (5) points for explaining how your app design satisfies the constraints, six (6) points for suitability and sufficiency of the sensitive information extracted in the attack, five (5) points for appropriateness of attack analysis methods, five (5) points for details of the mapping capability, four (4) points for detailed description of granularity and security trade-offs, and four (4) points for overall visualization of outcomes. We reserve the right to take off points for presentation aspects, e.g., incorrect format, poor writing, etc.