DOCSLIB.ORG

Mockdroid: Trading Privacy for Application Functionality on Smartphones

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mockdroid: Trading Privacy for Application Functionality on Smartphones MockDroid: trading privacy for application functionality on smartphones Alastair R. Beresford Andrew Rice Nicholas Skehin Computer Laboratory, Computer Laboratory, Computer Laboratory, University of Cambridge, University of Cambridge, University of Cambridge, 15 JJ Thomson Avenue, 15 JJ Thomson Avenue, 15 JJ Thomson Avenue, Cambridge. CB3 0FD Cambridge. CB3 0FD Cambridge. CB3 0FD United Kingdom United Kingdom United Kingdom [email protected] [email protected] [email protected] Ripduman Sohan Computer Laboratory, University of Cambridge, 15 JJ Thomson Avenue, Cambridge. CB3 0FD United Kingdom [email protected] ABSTRACT 1. INTRODUCTION MockDroid is a modified version of the Android operating In the last couple of years, third-party applications for system which allows a user to `mock' an application's ac- smartphones have become very popular for users and devel- cess to a resource. This resource is subsequently reported opers alike. For example, Apple has nearly 250,000 appli- as empty or unavailable whenever the application requests cations in its store [3] and has served over 3 billion down- access. This approach allows users to revoke access to par- loads [1]. This is due to the confluence of several technical, ticular resources at run-time, encouraging users to consider business and economic factors, including the availability of the trade-off between functionality and the disclosure of per- good mobile data connectivity, high-performance low-power sonal information whilst they use an application. Existing hardware, an online application store, and an integrated applications continue to work on MockDroid, possibly with billing system which allows application developers to col- reduced functionality, since existing applications are already lect payment for applications easily. Many modern mobile written to tolerate resource failure, such as network unavail- phone vendors have applications stores, including the App ability or lack of a GPS signal. We demonstrate the prac- Store (Apple), App World (Blackberry), Android Market ticality of our approach by successfully running a random (Google), Windows Marketplace for Mobile (Microsoft) and sample of twenty-three popular applications from the An- the Ovi Store (Nokia). droid Market. All the major platforms provide programming APIs which allow access to many of the core services of the smartphone, Categories and Subject Descriptors including: communication capabilities (e.g. IP connections, phone calling and text messaging), databases of personal in- D.4.6 [Security and Protection]: Access Controls; J.7 formation (e.g. address book and calendar data), and sensor [Computers in Other Systems]: Consumer products; information (e.g. microphones, cameras, phone location, and H.4 [Information Systems Applications]: Miscellaneous accelerometer data). Unfettered access to these data sources is a real privacy concern for users. General Terms Smartphone operating system vendors are aware of the potential for poorly written or malicious programs to com- Mobile, Phone, Security, Privacy promise privacy. Several different approaches have been de- veloped to reduce the risk. Application vetting is a popu- Keywords lar technique, used for a long time by Symbian, and now Android, MockDroid adopted by Nokia and Apple. In this model, the developer writes and tests an application on a specific device. Once the application is complete, the developer submits the ap- plication to a trusted party for testing; this might be the Permission to make digital or hard copies of all or part of this work for operating system vendor themselves or a third party. Typi- personal or classroom use is granted without fee provided that copies are cally, testing checks for adherence to published design guide- not made or distributed for profit or commercial advantage and that copies lines in addition to checking for malicious behaviour. If the bear this notice and the full citation on the first page. To copy otherwise, to trusted party approves the application, it digitally signs the republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. application; phone handsets will not install an application HotMobile ’11 Mar 01-03 2011, Phoenix, AZ, USA unless it is signed by a trusted key. Copyright 2011 ACM 978-1-4503-0649-2/11/03 ...$10.00. The vetting process is often opaque and suffers from both tual state of the GPS device, prevents the application from false accepts and false rejects. As the largest store, appli- providing search results based on accurate location data, or cations written for the iPhone provide several high-profile showing the current location of the user on the map; other examples, although other application stores also suffer from features of the application, such as directions, continue to similar problems. Once recent example is the latest version function as normal. Therefore, providing fake data allows of the Facebook application for Apple's App Store. The the user to explore the trade-off between functionality and Facebook application uploads all the contacts in the user's privacy for any given application. Lying in this way offers a phone address book and then pattern matches these entries number of advantages over simple mandatory access control: with the user's friends on Facebook. Newspaper reporters Controlling optional features It is common for applica- have discovered these numbers are not just stored on Face- tions to request access to a specific API to provide a book; they are also associated with the profiles of matching feature which is optional; for example, the Skype appli- friends, and therefore a phone number which is only avail- cation on Android allows the user to choose whether to able to a small number of people is shared more widely [4]. integrate Skype contacts with the main phone address In the first release of the application users were not made book. This kind of feature selection can be enforced by aware of this new feature and it cannot be disabled easily in the operating system rather than by the application. the phone application. A popular alternative approach to vetting is to use manda- No unwarranted sharing of personal data Many appli- tory access control. This technique is used by Android and cations which access personal data upload it to remote also the J2ME platform, which are both available on many servers without the user realising. For example, a re- different mobile device handsets. In this model, the devel- cent analysis of thirty Android applications which re- oper declares which APIs the application will use and the quested Internet connectivity along with location data system runtime prevents the application from accessing any or device ID found that twenty shared location data APIs it does not explicitly list. The set of permissions re- with content servers or third-party advertising net- quested by the application can be reviewed by the user. On works without seeking user consent [6]. Allowing ac- the Android platform, the permissions are displayed when cess to be mocked puts the user back in control. the application is installed, and the user has to make a stark Data separation For some data sources, it might be use- choice: grant the permissions and install the application, or ful to provide a subset of the data, such as providing don't use the application at all. The J2ME model is slightly only public calendar events to a specific application. more flexible: some platforms allow the user to select op- Similarly, it may be useful to control the quality of the tions such as \always", or \ask every time" for some APIs, data provided; for example, rather than providing the although applications may fail to run correctly if access is precise location of the phone to an application which denied. Some J2ME platforms only allow access to certain shares such data with friends, the user might provide APIs if the application has been vetted and signed, building the location of the nearest city. Users could even main- a hybrid combination of the vetting and mandatory access tain a separate database of personal information for control models. each application if they wish. The problem with the the mandatory access control model is the user must give permission to access communication Controlling expensive operations Access to some APIs features or data without necessarily being able to under- cost money, and therefore lying helps control costs. stand when and why this access is required, or what hap- For example, if the 3G data connection costs money, pens with their data. On Android this is especially difficult lying allows a user to prevent a data-hungry applica- since there is no \ask every time" option; after installation, tion from using the network whilst other applications applications can access any requested API without further continue to work as normal. user intervention. Enabling new features Many applications make use of In this paper we propose an alternative approach: allow sensor readings or information from personal databases the user to provide fake or `mock' data to applications in- to control the user experience. By allowing users to teractively as the application is being used. In other words, mock certain information, new features are automat- the user may provide different information on the status of ically enabled. For example, accelerometers are often communication capabilities, personal databases and sensors used to control the orientation of the screen. By pro- to each application and over time. For example, consider an viding fake accelerometer data to a specific application application which requests IP connectivity, access to loca- the user can manually rotate the application screen in- tion data from the GPS sensor, and read-write access to the dependently of the actual phone orientation. calendar database. On MockDroid, the user may choose to provide `mock' GPS data, such as always reporting a spe- Testing Developers can use mock resources to test their cific latitude and longitude, or reporting \no location fix applications to make sure they work correctly with the available" regardless of the actual status of the GPS device.
Load more

Recommended publications
  • Mapping the Space of Location-Based Services 5
    CHARLIEDETAR MAPPINGTHESPACEOFLOCATION- BASEDSERVICES 2 charlie detar Abstract This paper is an attempt to both summarize the current state of Lo- cation Based Services (LBS), and to unpack and problematize the underlying assumptions on which they operate. Location based ser- vices — including applications for mapping and navigation, social networking, gaming, and tourism and information services — are all based on the idea that information about a user’s location can be used to adapt the content and user interface of a service, improving it. However, the “location” used by these systems is usually restricted to data-poor representations such as geographic coordinates, and as such provides an insufficient cue for the rich and culturally contin- gent context embodied in the notion of a “place”. I will argue that developers should consider both the salience of the particular place- or space-based context to their application domain, and the potential impacts the application will have on a user’s sense of place when designing location based services. Contents 1 Introduction: Location, Location, Location 4 2 Space: the geometry of location 7 3 Place: the interpretation of location 12 4 Technology of space and place 17 5 Space, place, and location based services 22 6 Conclusion 45 7 Bibliography 46 1 Introduction: Location, Location, Location Location is a deep component of how we experience the world — it encapsulates not only a mathematical abstraction for our positions in space, but also a rich set of cultural meanings that we associate with particular places, which bound and contextualize our experience. The concept of “place” combines both geography and sociality — one has a “place” in relation to other people (and deviant behavior is “out of place”).
    [Show full text]
  • GPS Unit Or Cell Phone with GPS/Maps GPS Devices
    GPS Unit or Cell Phone with GPS/Maps GPS Devices Survey/GIS High quality GIS grade (Trimble, Astech, Javad) Consumer Handheld (Garmin, Magellan, Lowrance) Car (TomTom, Magellan, Garmin) Fishing (Lowrance, Garmin, Hummingbird) Cell Phones Early models (no GPS/AGPS) Current Phones (with GPS/AGPS to support GPS for E911 calls) Simple Phone –not web/data (prepaid or plan) Basic Phone with ability to access web/data Smart Phone Limit to accuracy ~ 5m (16ft) GPS/GNSS ‐ Smartphones (quick tips; there are many others) Regular Web Based iOS Phones Basic ; waypoints/tracks Verizon VZ Navigator MotionX‐GPS, Gaia GPS, GPS Kit AT&T TeleNav GPS Navigator Drive –Car ‐ Traffic Google Maps, MotionX‐Drive, Cheap Gas!, Scout, Navigon‐$, Tom Tom 1.3, Magellan RoadMate‐$, Garmin‐$ AmAze, Waze (crowdsourcing) Social Foursquare, Facebook Places, Twitter Geolocation Android Window Mobile Basic ; waypoints/tracks Gaia GPS‐$, GPS Essential, GPS Status (various; will update soon) Symbian‐Nokia Drive –Car‐ Traffic Ovi Map Google Maps Navigation, Gas Buddy Waze Now Windows Sygic, MapQuest, Waze (crowdsourcing) Mobile Social Foursquare, Facebook Places, Twitter Geolocation Thomas Friedman, NY TIMES, 3/2/2012; " Six years ago Facebook did exist, Tweet was a sound, the Cloud was still in the sky, 4G was a parking place, LinkedIn was a prison, applications were what you sent to college and Skype was a typo for most people." GPS/GNSS ‐ Smartphones‐ Minor mention iOS or Android apps Trapster GeoCaching Extra credit option: Find a Geocache http://www.geocaching.com 1 point for each cache found & recorded (up to 5 points maximum) To record your “finds” you will need to sign up at http://www.geocaching.com (free) and “friend” my ID, so I can verify your “finds” My geocaching.com ID is ajenks.
    [Show full text]
  • Data Collection – a Road Map
    2013 MASITE Annual Meeting September 20, 2013 Data Collection – A Road Map Bridget Bitto, KMJ Consulting, Inc. Traffic Engineering Technology Session September 20, 2013 1 Road Map • Data Sources • Study Types • Conclusions September 20, 2013 2 Data Sources Probe-Based Spot Sensor-Based September 20, 2013 3 Data Sources Probe-Based Measures Technology Definition Providers Identifies and matches MAC AWAM, TRAFFAX, TrafficCast, Bluetooth address of Bluetooth enabled Savari Networks devices as they pass reader Readers record toll tag ID Toll Tag Readers E-ZPass numbers Private 3rd Party Combination of probe data form INRIX, TomTom, TrafficCast, HERE Data Providers multiple technologies Uses signaling information from Wireless Location cell phones to anonymously track Cellient, AirSage, Delcan devices Obtaining real-time traffic Google Maps, TomTom MapShare, Crowd-Sourcing information from GPS-enabled Trapster, Waze mobile phones September 20, 2013 4 Data Sources Spot Sensor-Based Measures Technology Definition Loop detectors or magnetic In-Road Sensors detectors Directly measures speeds of Radar vehicles Video image vehicle detection Video system September 20, 2013 5 Study Types Origin- Travel Time Destination Speed & Pedestrian & Volume Bicycle September 20, 2013 6 Origin-Destination Studies • Find out where vehicles are coming from, where they are going, and when trips occur. • Used to support: – Travel demand model – Regional transportation system analysis September 20, 2013 7 Origin-Destination Studies Ability to Roadway Type Area Type
    [Show full text]
  • The Under-Appreciated Dimension of Time in Location-Based Systems Karen P
    The Under-Appreciated Dimension of Time in Location-Based Systems Karen P. Tang1,2 , Jason W. Wiese2 , Jason I. Hong2 , Daniel P. Siewiorek2 1Department of Informatics 2Human-Computer Interaction Institute University of California, Irvine Carnegie Mellon University [email protected] {jwwiese,jasonh,dps}@cs.cmu.edu ABSTRACT In fact, the LBSs that share current locations are arguably useful Empirical evidence from past studies has shown that current for only a few scenarios (e.g., for coordination or okayness location-based services (LBSs) are not individually compelling checking). However, empirical evidence from past studies enough to drive LBS adoption. To boost the adoption rate, suggests that these services do not individually provide enough researchers should consider an under-explored research area: the value to drive the overall LBS adoption. In this paper, we time dimension of location information. We provide examples present an overview of current LBSs, examine areas that have of such LBSs that share past and future locations. We also been overlooked in the LBS design space, and provide describe several challenges for designing these types of LBSs. suggestions of how to move forward to address these new areas. Specifically, we advocate that LBS research should look at what we believe is a relatively unexplored area: the time element of Categories and Subject Descriptors location information (i.e., past and future locations). While there H5.m. Information interfaces and presentation (e.g., HCI): has been some research in this area, we think that there are still Miscellaneous. many outstanding challenges which we outline here as research questions. We also posit that, by addressing these challenges, we General Terms can diversify the LBS landscape to support other types of Design, Human Factors.
    [Show full text]
  • Mergers & Acquisitions of the Geoinformation Market (2001-2020)
    Mergers & Acquisitions of the Geoinformation Market (2001-2020). A.N. Pirogov, GISGeo.org, 2020 Acquiree Name Acquirer Name Year Acquiree Name Acquirer Name Year nFrames (SURE) Esri 2020 Airborne Hydrography Hexagon 2013 HALIS Surveying And Mapping 2020 Devex Hexagon 2013 Midland GIS Solutions Surveying And Mapping 2020 IQ Irrigation Trimble 2013 Kuebix Trimble 2020 Rainwave LLC Trimble 2013 2GIS Sberbank 2020 Coordina TomTom 2013 Mapillary Facebook 2020 Waze Google 2013 Routematch Software Uber 2020 Star Net Geomatics Ltd. UTEC Survey 2013 Vricon Maxar Technologies 2020 Colorado Surveying Firm Landpoint 2013 Moovit Intel 2020 MANFRA Hexagon 2013 FreckleIOT PlaceIQ 2020 LISTECH Hexagon 2013 Factual Foursquare 2020 Navgeocom Hexagon 2013 AreaMetrics Point Inside 2020 New River Kinematics Hexagon 2013 sPARK Parking Technologies Arrive 2020 Trimble MAPS Trimble 2013 Geoslope Seequent 2019 GTA Geoinformatik Hexagon 2012 Cityworks Trimble 2019 Everlater MapQuest 2012 Placed Foursquare 2019 earthmine Inc. Nokia 2012 Geographica CARTO 2019 SSL Maxar Technologies 2012 Geomap-Imagis 1Spatial 2019 Thinknear Telenav 2012 indoo.rs Esri 2019 Geoloqi Esri 2012 Thermopylae Sciences and Technology Hexagon Geospatial 2019 UpNext Amazon 2012 Pitney Bowes - Software Solutions Business Syncsort 2019 GeoTrac Trimble 2012 Boundless Spatial Planet 2018 myVR Software Hexagon 2012 Where Is My Train Google 2018 Gatewing Trimble 2012 Geosoft Seequent 2018 MicroSurvey Software Hexagon 2012 Bricsys Hexagon 2018 Louisiana GIS Firm Landpoint 2012 FeatureX Orbital Insight 2018 Gowalla Facebook 2011 ThunderBuild BV Topcon Positioning Group 2018 Integrated Mapping Service Ubisense 2011 Geosys UrtheCast 2018 EJustice Solutions Interact Public Safety 2011 Opto-Tech Srl FARO 2018 ITIS Holdings INRIX 2011 Mergers & Acquisitions of the Geoinformation Market (2001-2020).
    [Show full text]
  • MOBILE LOCATION-BASED APPS Lecture in University of Tartu Jaak Laineste, 16.10.2012 Part 1 LOCATION-BASED SERVICE OVERVIEW Jaak Laineste
    MOBILE LOCATION-BASED APPS Lecture in University of Tartu Jaak Laineste, 16.10.2012 Part 1 LOCATION-BASED SERVICE OVERVIEW Jaak Laineste • GIS/LBS experience 17 years in GIS/mapping, 12 years in LBS Mobile operator LBS in all over the world Nutiteq since 2006 • Nutiteq and mobile development Part of Mobi Solutions group since 2009 J2ME, Android, BlackBerry, iPhone teams Naval navigation apps Location-Based Services 1. Location-based: 80% of data 2. Service (or mobile application) 3. Mobile technologies (phones, networks) 4. Mobile positioning • LBS is a technology, not application type Can be aspect of any application type Two meanings of LBS • „Classical“ definition: Mobile Positioning – MPS Mobile operators User Interface: SMS, Web, WAP, USSD, IVR • Today’s LBS : Smartphones with GPS, tablets mobile apps, web services, HTML5 Google Maps, PND, Check-ins, Google Now Operator-based LBS • Mobile Positioning Find location using mobile network Works with any mobile, no requirements Accuracy with Cell-ID: 300m ... 30 km (~1 km avg) Operator can also use in-phone GPS with A-GPS Only operator can do it, Can give to trusted 3rd party • Typical services FriendFinder, Games Find Nearest SMS Fleet Management • Recent trends Operators open APIs, including location There are aggregators: e.g. LocationLabs, Loc-Aid Location-based advertising – www.flipper.ee (EMT, Estonia) Popular LBS apps in smartphones • Navigation Tomtom, Navigon, Garmin, Nokia maps etc. Also Waze • Business around you Reviews, events, classifieds etc Yelp, Loopt, Qype, Zvents, Eventful,
    [Show full text]
  • Estimate Benefits of Crowdsourced Data from Social Media Task 4 Project Report
    Estimate Benefits of Crowdsourced Data from Social Media Task 4 Project Report www.its.dot.gov/index.htm Final Report — February 2015 Publication Number: FHWA-JPO-14-165 1.1.1.1.1.1 Produced by Noblis, Inc. U.S. Department of Transportation ITS Joint Program Office Notice This document is disseminated under the sponsorship of the Department of Transportation in the interest of information exchange. The United States Government assumes no liability for its contents or use thereof. The U.S. Government is not endorsing any manufacturers, products, or services cited herein and any trade name that may appear in the work has been included only because it is essential to the contents of the work. Technical Report Documentation Page 1. Report No. 2. Government Accession No. 3. Recipient’s Catalog No. FHWA-JPO-14-165 4. Title and Subtitle 5. Report Date Estimate Benefits of Crowdsourced Data from Social Media December 18, 2014 6. Performing Organization Code 7. Author(s) 8. Performing Organization Report No. Jeffrey Adler, John Horner, Jeanette Dyer, Alan Toppen, Lisa Burgess, and Greg Hatcher 9. Performing Organization Name And Address 10. Work Unit No. (TRAIS) Noblis 600 Maryland Ave., SW, Suite 755 11. Contract or Grant No. Washington, DC 20024 DTFH61-11-D-00018 12. Sponsoring Agency Name and Address 13. Type of Report and Period Covered ITS-Joint Program Office Final Report 1200 New Jersey Avenue, S.E. 14. Sponsoring Agency Code Washington, DC 20590 HOIT-1 15. Supplementary Notes Jimmy Chu, FHWA, Government Task Manager Marcia Pincus, ITS JPO, COR 16. Abstract Traffic Management Centers (TMCs) acquire, process, and integrate data in a variety of ways to support real-time operations.
    [Show full text]
  • Trapster Free
    Trapster free click here to download Find www.doorway.ru software downloads at CNET www.doorway.ru, the most comprehensive source for safe, trusted, and spyware-free downloads on the Web. From www.doorway.ru: Trapster(R), your iPhone alerts you as you approach police speed traps, red light cameras, and other kinds of traps. It's a high tech way to do. Like anything on your phone, you want to be careful about using Trapster while you're driving, but fortunately Trapster's mobile apps help you. Trapster - Trapster, your Android phone alerts you by spoken warnings such as "Live Police" or "Red Light Camera". Trapster®, your mobile phone alerts you as you approach police speed traps. Download Trapster Never get lost in the city again with this and Transportation. Trapster. Trapster icon More info. License: Free. Op. System: Android. Download Trapster APK (latest version) for Samsung, Huawei, Xiaomi, LG, HTC, Lenovo and all other Android phones, The Trapster app is a free service. Trapster for Android free. Download fast the latest version of Trapster for Android: Get very useful information of the road: Speed limits, radars, accidents and a. Trapster for iPhone free. Download fast the latest version of Trapster for iPhone: Speed radars, traffic jams and all the information of the roads in real time; now. Download Trapster (Android) For Free on www.doorway.ruer is your #1 driving companion. The worldwide community of over 20 million drivers. Trapster: Trapster for Android alerts you as you approach police speed traps, red light and speed cameras, via spoken warnings in fun voices.
    [Show full text]
  • Mobile Device Security
    Mobile Device Security Adam C. Champion and Dong Xuan CSE 4471: Information Security Based on materials from Tom Eston (SecureState), Apple, Android Open Source Project, and William Enck (NCSU) Organization • Quick Overview of Mobile Devices • Mobile Threats and Attacks • Mobile Access Control • Information Leaking Protection • Case Studies Overview of Mobile Devices • Mobile computers: – Mainly smartphones, tablets – Sensors: GPS, camera, accelerometer, etc. – Computation: powerful CPUs (≥ 1 GHz, multi-core) – Communication: cellular/4G, Wi-Fi, near field communication (NFC), etc. • Many connect to cellular networks: billing system • Cisco: 7 billion mobile devices will have been sold by 2012 [1] Organization Organization • Quick Overview of Mobile Devices • Mobile Threats and Attacks • Mobile Access Control • Information Leaking Protection • Case Studies Mobile Threats and Attacks • Mobile devices make attractive targets: – People store much personal info on them: email, calendars, contacts, pictures, etc. – Sensitive organizational info too… – Can fit in pockets, easily lost/stolen – Built-in billing system: SMS/MMS (mobile operator), in-app purchases (credit card), etc. • Many new devices have near field communications (NFC), used for contactless payments, etc. • Your device becomes your credit card • Much Android malware, much less for iOS • NFC-based billing system vulnerabilities Mobile Device Loss/Theft • Many mobile devices lost, stolen each year – 113 mobile phones lost/stolen every minute in the U.S. [15] – 56% of us misplace
    [Show full text]
  • Opportunities and Challenges of Smart Mobile Applications in Transportation
    journal of traffic and transportation engineering (english edition) 2016; x (x): 1e11 Available online at www.sciencedirect.com ScienceDirect journal homepage: www.elsevier.com/locate/jtte Original Research Paper Opportunities and challenges of smart mobile applications in transportation * Saidi Siuhi a, , Judith Mwakalonge b a Department of Civil Engineering, Abu Dhabi University, Abu Dhabi, United Arab Emirates b Department of Civil and Mechanical Engineering Technology and Nuclear Engineering, South Carolina State University, Orangeburg, SC 29117, USA article info abstract Article history: Smart mobile applications are software applications that are designed to run on smart Available online xxx phones, tablets, and other mobile electronic devices. In this era of rapid technological advances, these applications have become one of the primary tools we use daily both in our personal and professional lives. The applications play key roles in facilitating many ap- Keywords: plications that are pivotal in our today's society including communication, education, Smart mobile applications business, entertainment, medical, finance, travel, utilities, social, and transportation. Distracted driving This paper reviewed the opportunities and challenges of the applications related to Distracted walking transportation. The opportunities revealed include route planning, ridesharing/carpooling, Transportation safety traffic safety, parking information, transportation data collection, fuel emissions and Travel information consumption, and travel information. The potential users of these applications in the field of transportation include (1) transportation agencies for travel data collection, travel in- formation, ridesharing/carpooling, and traffic safety, (2) engineering students for field data collection such as travel speed, travel time, and vehicle count, and (3) general traveling public for route planning, ridesharing/carpooling, parking, traffic safety, and travel information.
    [Show full text]
  • An Analysis of Application Transmission of Iphone Udids
    iPhone Applications & Privacy Issues iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs) Eric Smith * http://pskl.us October 1, 2010 Abstract Every Apple iPhone shipped since its introduction in 2007 contains a unique, software-visible serial number -- the Unique Device Identifier, or UDID. Apple provided this functionaly to allow application developers to uniquely identify the iPhone being used for purposes such as storing application preferences or video game high scores. While the UDID does facilitate the process of collecting and storing certain types of data, it also creates a tempting opportunity for use as a tracking agent or to correlate with other personally-identifiable information in unintended ways. In this paper, we investigate where and how UDIDs are being shared, with whom, and how the UDIDs are being used. Tags : iPhone, Apple, Privacy, UDID, Application Development, Information Security, Tracking, GPS Data * Eric Smith is the Assistant Director of Information Security and Networking at Bucknell University in Lewisburg, Pennsylvania. He has over 15 years of field experience in information security, networking, and systems administration. He has provided consultation services in places such as Research Triangle Park and New York City. Eric is a founding member of PreSet Kill Limit, the security research group which has won the Defcon Wardriving Contest several years in a row. Eric can be reached at [email protected]. Eric Smith www.pskl.us 1 iPhone Applications
    [Show full text]
  • Using a Social Informatics Framework to Study the Effects of Location-Based Social Networking on Relationships Between People: a Review of Literature
    Using a Social Informatics Framework to Study the Effects of Location-Based Social Networking on Relationships between People: A Review of Literature Sarah Jean Fusco, Katina Michael, M.G. Michael School of Information Systems and Technology, Faculty of Informatics, University of Wollongong {sjf462, katina, mgm}@uow.edu.au Abstract third area of literature reviewed by this research is the literature on trust and friendship. The purpose of briefly This paper is predominantly a review of literature on reviewing this literature is to provide an outline of the the emerging mobile application area known as social theory that forms the background of the wider location-based social networking. The study applies the study. Prior to reviewing the literature a classification social informatics framework to the exploratory model is presented which summarizes the literature in question of what effect location based social networking the domain, in addition to providing a roadmap for this may have on relationships between people. The paper. classification model used in the paper relates previous research on location based services and online social 2. Background networking together. Specifically the wider study is concerned with literature which identifies the impact of Location Based Social Networking (LBSN) technology on trust with respect to friendship. This applications such as Google Latitude, Loopt and paper attempts to draw out the motivations behind using BrightKite enhance our ability to perform social location based social networking applications and the surveillance. These applications enable users to view implications this may have on individual privacy and and share real time location information with their more broadly one’s social life.
    [Show full text]