14-829 / 18-638: Mobile and IoT Security - Fall 2018
Assignment #2 - Permissions, Personal Privacy, and Data Analytics
- Due: October 9, 2018
- Description: Unlike the previous assignment that asked you to steal the user's data, this assignment asks you
to focus on learning about the user's activities, through context and user behavior measurements. The tasks are complicated
by blocking the explicit use of certain permissions. Instead, you'll need to exfiltrate any information you can get about the
relevant context, user, and behavioral data, then analyze this information offline using any other information available that
may allow you to learn interesting things about the target user. In addition, you will build knowledge of the trade-offs between
risk and value of certain types of mobile data and how users may perceive this risk.
- Tasks:
- Develop an exfiltration app with value to the user - Write an app that collects relevant data about user context, activity,
and behavior from the device without being detected or suspected by the user. Collect as much information as possible that will help
you learn the location, behavior, and other useful information about the user, subject to the allowed permissions. Your app should appear to
have some valuable functionality (e.g., a utility or game of some sort), but behind this functionality, it should send out all of the secretly
collected information periodically (for example, once per minute), again without being suspected by the user.
Constraints and Hints:
- The only permissions allowed (either as manifest or equivalent runtime) are ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, and INTERNET.
- Your app should be interesting enough that people would use it, but it doesn't need to be novel (if you mimic an existing app or use an
open-source app, be sure to provide proper attribution).
- The user must be unaware of the app's hidden activities, regardless of what it does. You can assume that the user does not
check the task manager, logs, or network traffic.
- The app must exfiltrate data without user interaction and regardless of app or screen state.
- The app must work on all Android versions between 4.0 and 9 (inclusive).
- You can assume there is an easy way to get your app onto the user's device, so don't worry about that problem.
- Minimal UI is sufficient (this is a security assignment, not a dev assignment), as long as the quality and value of
the analysis can be evaluated by the user.
- Track and map the user's location - Using the data exfiltrated from the user's device, create a data analysis and visualization
tool to map the target user's location history. If needed, you can use Wifi location databases such as WiGLE.net or do a manual survey in
areas you know the user frequents.
Constraints and Hints:
- Estimated location of the user should be plotted to a visual map (not on the user's device, but yours) in an understandable way.
- Your location estimates don't need to be highly accurate, but they should be meaningful (e.g., room-level accuracy within buildings
and on the order of 10s of meters outdoors).
- You are allowed to collaborate with other students on the manual survey work, if needed, but no other tasks.
- Be sure to create a mechanism for collecting ground truth data (outside the scope of the attack app and corresponding constraints),
otherwise you won't know how accurate your results are.
- Learn something interesting about the user's behavior - As a malicious actor with access to the archive of exfiltrated data,
come up with an interesting attack in which you extract some privacy-sensitive information about the user.
Constraints and Hints:
- For this task, your app can use additional permissions, as long as the permission is used explicitly for the user-facing part of
the application. The data collected using this additional privilege cannot be used for the previous tasks.
- The privacy-sensitive information that you learn should not be obvious, given the application and user context. For
example, a fitness tracker should be able to know many physical details of the user, but it should not be able to learn
the user's banking password.
- More sensitive -> better.
- Be creative.
- Study trade-offs between granularity and security - Downsample your data in a meaningful way and study if/how the attack
degrades as the granularity of the reported data decreases. For example, what is the difference between collecting data at 1Hz versus
0.1Hz? Intuitively, when the app collects very fine-grained data, the value of the app and the success of the attack would both be
high, but if the granularity of data is greatly reduced, both the app's value and the attack success would degrade. This task requires
you to come up with criteria for evaluating both the app's value to the user and the success of the attack. If your app and attack are
not affected by granularity, maybe make a more interesting app that is.
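The granularity study above needs a concrete success metric before it can be downsampled. The script below is an added illustration, not part of the assignment handout or any student's submission, of one way to set that up on the analysis side: a constructed 1 Hz ground-truth trace of which room a user is in is thinned to one report every `period` seconds, an observer reconstructs the full timeline by holding the last report, and per-second accuracy, the rooms that are still detected, and the estimated dwell times are compared against the truth. The room labels, dwell times, and coordinates are all made up for the example; the point it makes is that short stays (here a 7-second visit to "Safe") disappear entirely once reporting drops to 0.1 Hz, which is exactly the kind of evidence a granularity-versus-privacy trade-off needs.

```python
"""Added example (not from the assignment): how an inference degrades as
reporting granularity is reduced.

Constructed assumptions:
  - ground truth is a 1 Hz trace, each sample = (t, x, y, room)
  - the reporting app sends only every `period`-th sample
  - the observer reconstructs the seconds in between by assuming the user
    stays in the last reported room (zero-order hold)
  - 'attack success' = fraction of seconds whose room is inferred correctly,
    which rooms are detected at all, and the estimated dwell per room
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Sample:
    t: int        # seconds since start of the trace
    x: float      # constructed coordinates in metres (unused by the metrics,
    y: float      # kept to show what a real exfiltrated sample would carry)
    room: str     # ground-truth room label


def build_ground_truth() -> List[Sample]:
    """Constructed 1 Hz walk: long stays plus a 7-second detour into 'Safe'."""
    plan = [  # (room, dwell seconds, x, y) for each stop, in order
        ("Office", 30, 0.0, 0.0),
        ("Hall", 11, 10.0, 0.0),
        ("Safe", 7, 10.0, 6.0),     # the short, sensitive visit (t = 41..47)
        ("Hall", 12, 10.0, 0.0),
        ("Kitchen", 40, 25.0, 0.0),
    ]
    trace, t = [], 0
    for room, dwell, x, y in plan:
        for _ in range(dwell):
            trace.append(Sample(t, x, y, room))
            t += 1
    return trace


def downsample(trace: List[Sample], period: int) -> List[Sample]:
    """What the observer receives if the app reports once every `period` seconds."""
    return [s for s in trace if s.t % period == 0]


def reconstruct(reports: List[Sample], horizon: int) -> List[str]:
    """Zero-order hold: each second is assigned the most recent reported room."""
    inferred, current, idx = [], None, 0
    for t in range(horizon):
        while idx < len(reports) and reports[idx].t <= t:
            current = reports[idx].room
            idx += 1
        inferred.append(current)
    return inferred


def evaluate(trace: List[Sample], period: int) -> Dict[str, object]:
    """Score the reconstruction from `period`-second reports against the truth."""
    reports = downsample(trace, period)
    inferred = reconstruct(reports, len(trace))
    correct = sum(1 for s, r in zip(trace, inferred) if s.room == r)
    true_rooms = {s.room for s in trace}
    seen_rooms = {s.room for s in reports}
    est_dwell: Dict[str, int] = {}
    for r in inferred:
        est_dwell[r] = est_dwell.get(r, 0) + 1
    return {
        "period_s": period,
        "reports": len(reports),
        "accuracy": correct / len(trace),
        "rooms_seen": sorted(seen_rooms),
        "missed_rooms": sorted(true_rooms - seen_rooms),
        "est_dwell": est_dwell,
    }


def sweep(trace: List[Sample], periods: List[int]) -> List[Dict[str, object]]:
    """Evaluate several reporting periods (1 s = 1 Hz, 10 s = 0.1 Hz)."""
    return [evaluate(trace, p) for p in periods]


if __name__ == "__main__":
    gt = build_ground_truth()
    for row in sweep(gt, [1, 3, 5, 10]):
        print(f"period={row['period_s']:>2}s reports={row['reports']:>3} "
              f"accuracy={row['accuracy']:.2f} missed={row['missed_rooms']} "
              f"est_dwell={row['est_dwell']}")
```

Per-second accuracy alone stays deceptively high (0.93 at 0.1 Hz) because the long stays dominate; the `missed_rooms` and `est_dwell` columns are what expose the real loss of information, so a granularity study should report more than one metric.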
- Deliverables: Each student will submit a written summary of their efforts for the above tasks. Your report should include:
- Code snippets to highlight important features of the required tasks,
- Examples of the types of data being recorded, analytics being done, and impact of reporting/sensing granularity,
- Examples detailing how the attack works and the type of sensitive information exposed,
- Details of how your design meets each of the given constraints,
- Detailed step-by-step explanations of the relevant aspects of the app, analysis tools, and attack steps that demonstrate
your understanding of what the code is doing and why it works the way it does.
The written summary should be formatted as a single-column document using font size 11 or greater, converted to a .pdf
document for submission.
- Submission Instructions: Each student should submit a .pdf version of their written summary via Canvas, using
the format requested above. All students are expected to complete the assignment on their own; discussion about the assignment is allowed
and encouraged, but all design, analysis, and writing tasks must be done individually (i.e., talking is allowed, but not sharing anything
written) -- other than the manual mapping task if needed.
- Grading: This assignment is worth 35 points: six (6) points for a detailed description of your app including both the
user-facing and hidden functionalities, five (5) points for explaining how your app design satisfies the constraints, six (6) points
for suitability and sufficiency of the sensitive information extracted in the attack, five (5) points for appropriateness of attack analysis
methods, five (5) points for details of the mapping capability, four (4) points for detailed description of granularity and security
trade-offs, and four (4) points for overall visualization of outcomes. We reserve the right to take off points for presentation aspects,
e.g., incorrect format, poor writing, etc.