Characterization of Early Smartwatch Apps
Total Page:16
File Type:pdf, Size:1020Kb
The Second IEEE International Workshop on Sensing Systems and Applications Using Wrist Worn Smart Devices, 2016 Characterization of Early Smartwatch Apps Jagmohan Chauhan∗†, Suranga Seneviratne †, Mohamed Ali Kaafar †, Anirban Mahanti †, Aruna Seneviratne ∗† ∗School of EET University of New South Wales , †NICTA, Australia ∗ Email: †first name.last [email protected] Abstract—Wearable smart devices are already amongst us. We investigate a dataset of over 14,000 smartwatch apps • Currently, smartwatches are one of the key drivers of the across three app markets: Android Wear, Samsung, and wearable technology and are being used by a large population Apple and provide characteristics and insights from the of consumers. This paper takes a first look at this increasingly popular technology with a systematic characterization of the descriptive statistics of the studied apps related to app smartwatch app markets. We conduct a large scale analysis of prices, categories, and number of developers. three popular smartwatch app markets: Android Wear, Samsung, We provide a generic taxonomy for the apps on all • and Apple, and characterize more than 14,000 smartwatch apps three platforms based on their packaging and modes of in multiple aspects such as prices, number of developers and communication. This allows one to obtain insights into categories. Our analysis shows that approximately 41% and 30% of the apps in Android Wear and Samsung app markets how the current smartwatch apps are designed and their are Personalization apps that provide watch faces. Further, we potential ability to leak sensitive data. provide a generic taxonomy for apps on all three platforms based We perform static analysis on app code and show that • on their packaging and modes of communication, that allow us Apple apps connect to more trackers compared to An- to investigate apps with respect to privacy and security. Finally, droid Wear and Samsung. we study the privacy risks associated with the app usage by By analyzing the collected network traces after executing identifying third party trackers integrated into these apps and • personal information leakage through network traffic analysis. 28.2% (1,813) of all free apps across the three platforms, We show that a higher percentage of Apple apps (62%) are we show that although unique device information of the connected to third party trackers compared to Samsung (36%) smartwatch or health related information is never leaked, and Android Wear (46%). 6% of Android Wear apps and 11% of Apple apps leak user activities from the smartwatch to third party trackers. I. INTRODUCTION The rest of the paper is organized as follows. Section II lists Smartwatches are one of the most popular wearable device the related work and Section III explains our data collection type in today’s market as their sales reached 5 million units [1] procedure. Section IV presents the characterization of the app in 2015 and is expected to grow further to realize 101 million markets in terms of descriptive statistics and introduces a devices by 2020 [2]. Apple watches, have acquired an impres- generic taxonomy for smartwatch apps. Privacy and security sive market share of 75.5% followed by 7.5% for Samsung threats associated with the current apps are presented in devices [3]. Multiple vendors such as Motorola, and LG have Section V. Section VI concludes the paper. adopted Google’s Android Wear operating system, making it the second most widely used smartwatch operating system II. RELATED WORK next to Apple’s watchOS [4]. Similar to smartphones, the predominant component of the smartwatch ecosystem is the We describe related work in the areas of i) measurement availability of third party apps. As of September 2015, Apple’s studies of smartphone app markets, and ii) measurement app store was composed of more than 10,000 smartwatch studies related to security and privacy of wearables. apps [5]. Google Play has around 4,000 apps for Android Wear i) Smartphone app markets: Several studies based on large devices [6], while Samsung Gear Store was reported to contain scale crawls of smartphone app markets have been con- over 1,000 smartwatch apps [7]. ducted [10], [11]. Heureuse et al. [10] analyzed four popular Despite the overwhelming interest in smartwatches and app markets including Google Play Store and Apple App Store the increasing importance of apps, we have a very little and presented statistics on the market growth, app pricing, and understanding of the types of available apps and associated other app attributes such as app sizes, categories, ratings, and characteristics in different app markets. There is also a lack downloads. More recently, Viennot et al. [11] analyzed source of knowledge of privacy and security issues, which exists in codes of over 880,000 free apps and characterized the ads current smartwatch apps. Early evolving ecosystems are very library usage and duplicative content. well susceptible to privacy and security threats as known from Multiple work investigated PII leakages and tracker connec- previous research on smartphone apps [8], [9]. This paper takes tivity in smartphone apps [12], [13]. Grace et al. [12] detected a first step in addressing aforementioned knowledge gaps by a number of leaks by advertisement libraries related to user’s presenting a data-driven study of the population of apps from call logs, account information, and phone number by analyzing three app markets. 100,000 free apps collected between March and May 2011. Overall, this paper makes the following contributions: Leontiadis et al. [13] studied the requested permissions of 978-1-5090-1941-0/16/$31.00 ©2016 IEEE around 250,000 Android apps and showed that free apps asked Apple: Similarly to Android Wear, we crawled for more “risky” permissions. WatchAware [18] app market to discover app identifiers. We ii) Wearables security and privacy: Recently, HP [14] studied then accessed the iTunes pages of these apps and downloaded the security and privacy vulnerabilities of 10 popular smart- the corresponding metadata. To download app executable on watches from an OS and in-built application’s perspective. The a desktop, we automatically replayed the URL for each app study found out that intercepting communication between the in a web browser and generated a click event on the install smartwatch and the smartphone is trivial. Wang et al. [15] button on the webpage URL. We collected metadata of 9,355 highlighted how the smartwatch motion sensors can leak what apps and downloaded app executable of 5,615 apps that were the user is typing on the keyboard of a laptop. free. This covers approximately 90% of the total number of Apple Watch apps (10,000) reported as of September III. DATASETS IN USE 2015 [5]. The data was collected during September, 2015 and Table I Similar to the smartphone apps, smartwatch apps are hosted provides a summary of the three datasets. and maintained in app markets (Google Play Store, Samsung Gear Store and Apple App Store). We now describe the app TABLE I: Summary of the datasets crawling methodology for each app market. Android Wear Samsung Apple Android Wear: We discovered Android Wear apps avail- Total apps 3,623 1,687 9,355 able on Google Play Store by collecting Android Wear app Free apps 2,332 (64.37%) 700 (41.49%) 5,615 (60.02%) Paid apps 1,291 (35.63%) 987 (58.51%) 3,740 (39.98%) identifiers from two alternative app markets, Android Wear Categories 37 8 22 Center [16] and Goko [17] that lists Android Wear apps. App Developers 1,789 394 5,436 identifiers were then used to access the corresponding Google IV. ANALYSIS OF SMARTWATCH APPS Play Store page and download app metadata and executable using a Python based scraper. We collected metadata of 3,623 A. Characterization of the Apps apps out of which 2,332 app were free. This represents 90% In this section we provide a characterization of the smart- of the reported number of Android Wear apps (4,000 apps1) watch apps found in the three app markets. We first provide as of May 2015 [6]. a basic description of the app market in the likes of price, Samsung: Data collection from Samsung Gear Store was developers, and categories of apps. Then, we do cross market more challenging. First, Samsung Gear apps are only acces- analysis to find out the categories of apps which are early sible from the Samsung Gear app installed on a Samsung adopters driving the uptake of the wearable technology. smartphone and there were no alternative markets listing App Prices: Free apps represent, respectively 64%, 41% Samsung smartwatch apps. By inspecting the traffic generated and 60% of the apps in Android Wear, Samsung and Apple (cf. when users browse a particular category of smartwatch apps Table I). Notably, Samsung provides a higher ratio of paid apps via the Samsung Gear app on the smartphone, we observed compared to free apps. We did not expect such a landscape that Samsung Gear app sends HTTP POST requests with a of the smartwatch app market as this is significantly different category identifier and a number of items to fetch from the from the smartphone “regular” app market (for Android Wear app store. In response, the app stores provide an XML file and Samsung). For instance, according to a recent report [19], containing the metadata of apps belonging to the requested 88% of apps in Google Play Store are free. However, this phe- category. Our app scraping technique was then to forge HTTP nomenon of a higher ratio of paid apps was also observed in POST requests for each app category from the desktop and the early days of multiple smartphone app markets. Generally, in turn receiving the metadata for an exhaustive list of apps the ratio of free apps increases as the number of apps increases under that category.