DOCSLIB.ORG

Dynamic Detection of Inter-Application Communication Vulnerabilities in Android

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Dynamic Detection of Inter-Application Communication Vulnerabilities in Android Dynamic Detection of Inter-application Communication Vulnerabilities in Android Roee Hay Omer Tripp Marco Pistoia IBM Security, Israel IBM T. J. Watson Research Center, USA [email protected] fotripp,[email protected] ABSTRACT Keywords A main aspect of the Android platform is Inter-Application inter-application communication, Android, security, mobile Communication (IAC), which enables reuse of functional- ity across apps and app components via message passing. 1. INTRODUCTION While a powerful feature, IAC also constitutes a serious at- Android is the most popular mobile operating system, tack surface. A malicious app can embed a payload into with 78% of the worldwide smartphone sales to end users an IAC message, thereby driving the recipient app into a in Q1 2015 [6]. A key aspect of the Android architecture potentially vulnerable behavior if the message is processed is IAC, aka Inter-Process Communication (IPC), which en- without its fields first being sanitized or validated. ables modular design and reuse of functionality across apps We present what to our knowledge is the first compre- and app components. hensive testing algorithm for Android IAC vulnerabilities. The Android IAC model is implemented as a message- Toward this end, we first describe a catalog, stemming from passing system, where messages are encapsulated as Intent our field experience, of 8 concrete vulnerability types that objects. Through Intents, an app (or app component) can can potentially arise due to unsafe handling of incoming IAC utilize functionality exposed by another app (or app com- messages. We then explain the main challenges that auto- ponent), e.g. by passing a message to the browser to render mated discovery of Android IAC vulnerabilities entails, in- content or to a navigation app to display a location and cluding in particular path coverage and custom data fields, provide directions to it. and present simple yet surprisingly effective solutions to The Android IAC interface is a significant attack sur- these challenges. face [?, 10, 4]. Familiar examples of IAC vulnerabilities are We have realized our testing approach as the Intent- Cross-Application Scripting (XAS), whereby an app is ma- Droid system, which is available as a commercial cloud nipulated into running untrusted JavaScript code when ren- service. IntentDroid utilizes lightweight platform-level in- dering IAC content inside an HTML-based view; client-side strumentation, implemented via debug breakpoints (to run SQL injection (SQLi), whereby an app backed by an SQLite atop any Android device without any setup or customiza- database (supported natively by the Android platform) in- tion), to recover IAC-relevant app-level behaviors. Evalu- tegrates unvalidated or unsanitized IAC data into an SQL ation of IntentDroid over a set of 80 top-popular apps query; and injection or manipulation of UI elements, which has revealed a total 150 IAC vulnerabilities | some already occur if reflective APIs, such as Fragment.instantiate(:::), fixed by the developers following our report | with a recall are used without proper input validation. We describe these rate of 92% w.r.t. a ground truth established via manual as well as other attack vectors in detail in Section 2.3. auditing by a security expert. Past Research. The Android IAC interface has been in- vestigated from different angles. These include static detec- Categories and Subject Descriptors tion algorithms for confidentiality threats due to outbound IAC [4]; fuzzing tools to test the robustness of message han- D.2.5 [Software/Testing and Debugging]: Testing tools dling [10], or otherwise detect specific security weaknesses like capability leakage [21]; as well as proposals to revise ar- chitectural aspects of the Android system for more secure General Terms IAC [7]). Algorithms, Experimentation, Security While these studies are all useful, a main concern that re- mains unaddressed is IAC integrity threats. In recent years, several critical IAC vulnerabilities have been disclosed. A notable example is CVE-2011-2357 [5], which reports a Cross- Permission to make digital or hard copies of all or part of this work for Application Scripting (XAS) vulnerability in the Android personal or classroom use is granted without fee provided that copies are Browser manually discovered by one of the authors of this not made or distributed for profit or commercial advantage and that copies paper. (See Section 2.3.) Yet another example is the ability bear this notice and the full citation on the first page. To copy otherwise, to to exploit the IAC interface using drive-by techniques, e.g. republish, to post on servers or to redistribute to lists, requires prior specific by pointing the browser at a malicious website [19]. These permission and/or a fee. ISSTA’15 , July 12–17, 2015, Baltimore, MD, USA and similar discoveries expose IAC as a potentially serious Copyright 2015 ACM 978-1-4503-3620-8/15/07 ...$15.00. security hole. To our knowledge, none of the existing research provides a 2. THE IAC ATTACK SURFACE solution for comprehensive integrity testing of IAC channels. In this section, we provide technical background on An- The main challenge for the testing tool is that all fields of an droid IAC, and then describe a catalog of security vulnera- IAC message but uri are custom (i.e., not specified in the bilities that are all exploitable via the IAC surface. These IAC interface declaration). This complicates the construc- are based on publicly available vulnerability reports [5] as tion of meaningful test inputs. Another challenge is how to well as on one of the authors' field experience in performing obtain effective path coverage with low overhead. manual security audits. Our Approach. We address the problem of testing for IAC integrity vulnerabilities. In stating this problem, we 2.1 Background: The Android Architecture place special emphasis on practicality. Our goal is to de- An Android app consists of components of the following sign a testing algorithm featuring high recall (or coverage) types: Activity, Fragment, Service, BroadcastReceiver alongside low overhead. This twofold requirement implies, and ContentProvider. All the components comprising an in specific, that the testing tool can only (i) rely on sparse app (except dynamically registered BroadcastReceivers) are app/platform instrumentation (as opposed to gleaning ar- declared in the app's manifest file (AndroidManifest.xml). bitrary run-time information), and (ii) apply a small and An Activity defines a single UI screen, e.g. a browsing focused set of tests. window or preferences dialog. A Fragment is a finer-grained While high coverage is a natural requirement, the motiva- UI container that is reusable within the same app. Services tion for low overhead is to enable efficient large-scale testing perform background tasks. Finally, the role of BroadcastRe- by third parties, such as app stores or organizations with a ceivers is to intercept incoming messages from other appli- Bring Your Own Device (BYOD) policy, that currently have cation components and ContentProviders. Another (poten- limited vetting power. Indeed, the testing system we have tial) component in an Android app is native code. Such code, created, dubbed , is packaged as a cloud-based IntentDroid typically written in C or C++, interfaces with the Java code service to support these use cases.1 via the Java Native Interface (JNI). The idea underlying is to monitor only a IntentDroid Android apps are executed in a sandboxed environment select set of platform APIs | those responsible for security- to protect both the system and the hosted applications from relevant functionality as well as access to IAC data | and malware [4]. The Android sandbox relies on, and augments, utilize the resulting run-time information to guide testing. the Linux kernel's isolation facilities. While sandboxing is We describe how, based on this information alone, Intent- a central security feature, it comes at the expense of inter- is able to prune redundant tests, recover custom IAC Droid operability. In many common situations, apps require the fields, and vary inputs to increase path coverage. ability to interact. For example, the browser app should be We report on extensive evaluation of across IntentDroid capable of launching the Google Play app if the user points a set of 80 top-popular Android apps from the wild, wherein toward the Google Play website. a security expert detected a total of 163 IAC vulnerabili- To recover interoperability, Android provides high-level ties. Using an average of 40 tests per app, IntentDroid IAC mechanisms via the Binder class, implemented as a was able to detect 150 of those vulnerabilities, which consti- driver in the Linux kernel. IAC is achieved via Messages (for tutes a recall rate of 92%. Some of the vulnerabilities have Services) and Intents (for Services as well as other com- already been fixed by the developers. Beyond validating the ponents). Intents are messaging objects that contain both overall efficacy of , we also validate each of the IntentDroid the payload and the target application component. Content design choices it features, and demonstrate its significance is placed into the uri (or data) attribute. and can addition- experimentally. Last, we provide qualitative insight into the ally be stored within an associated Bundle in the form of usefulness of via detailed analysis of several IntentDroid extra parameters. of the detected vulnerabilities. Intents can either be implicit, which means that the tar- Contributions. This paper makes the following principal get is not specified, or explicit, which means that a specific contributions: target is provided. Intents can be broadcast to Broadcas- 1. Comprehensive IAC Security Testing: We have created tReceivers, invoke Activitys, or launch a Service. An the first comprehensive dynamic testing system for An- application component can only be invoked by external par- droid IAC integrity vulnerabilities (Sections 4-5). ties, via an Intent, if the manifest file permits that.
Load more

Recommended publications
  • AVG Android App Performance and Trend Report H1 2016
    AndroidTM App Performance & Trend Report H1 2016 By AVG® Technologies Table of Contents Executive Summary .....................................................................................2-3 A Insights and Analysis ..................................................................................4-8 B Key Findings .....................................................................................................9 Top 50 Installed Apps .................................................................................... 9-10 World’s Greediest Mobile Apps .......................................................................11-12 Top Ten Battery Drainers ...............................................................................13-14 Top Ten Storage Hogs ..................................................................................15-16 Click Top Ten Data Trafc Hogs ..............................................................................17-18 here Mobile Gaming - What Gamers Should Know ........................................................ 19 C Addressing the Issues ...................................................................................20 Contact Information ...............................................................................21 D Appendices: App Resource Consumption Analysis ...................................22 United States ....................................................................................23-25 United Kingdom .................................................................................26-28
    [Show full text]
  • Andrew Phay Whatcom CD [email protected]
    New Technology for Use in Your District Andrew Phay Whatcom CD [email protected] Smart Phones • Takes the place of GPS, Camera, Data Logger, Notes • GPS o iPhone/iPad – MoronX GPS, SpyGlass o Android – MyTracks, GPSLogger • Document Editing– Docs To Go, Google Docs, Office Suite Pro • Notes & To-Dos’– Evernote, Awesome Note • File Access – DropBox, Box.net • LogMeIn • Soilweb • Calendar sharing and reminders • Email • Weather iPad/Tablets • Mapping/GPS – MyTracks, GPSLogger, GISPro, Google Earth, ArcGIS • Word/Excel/PowerPoint – Docs to Go • Notes – Evernote • Photos/video – GPS tags • Conferencing – Skype, FaceTime • Remote Desktop – LogMeIn • File Access – DropBox, Box.net • Scan/Sign/Edit/Draw • Friend Finder – Device Locator • Security – can wipe from AppleID login • Email • Weather – USGS flooding app • Cases/Keyboards/Other accessories o Pen/GPS/Otter Box GPS Test Web LogMeIn iPad iPhone EverNote Web: Evernote iPad: Evernote Screen Shot Screen Shot iPhone: Evernote Screen Shot Other Hardware • Cameras - Waterproof/Dustproof/Fog-resistant • Portable Projectors File Syncing • DropBox – 2gb free o On smartphones, PC, Mac, Integrates with Docs2Go o Can share a link through email that others can download. • Box.net – 5gb free o Same kind of stuff Online Mapping • ArcGIS.com • Google Maps - My Places • Google Fusion Tables Website Management • Drupal • WordPress • SquareSpace • Google Sites News Aggregators Password Manager • Holds all my passwords • One Master password • On smartphones • Generates passwords • Browser Plugin • Security is great! Browser Plugins • News Aggregators • Lastpass • Screenshots - Fireshot • Download helpers – DownloadThemAll • Morning Coffee Teleconferencing/ Desktop Sharing • LogMeIn - free • Skype - free • Crossloop - free • Join.me – free • GoToMeeting • WebEx Social Networking • Facebook • LinkedIn • Twitter • Google+ • Google Groups Thanks! Andrew Phay [email protected] 360-354-2035 x129 .
    [Show full text]
  • A Security Framework for Mobile Health Applications on Android Platform
    A SECURITY FRAMEWORK FOR MOBILE HEALTH APPLICATIONS ON ANDROID PLATFORM MUZAMMIL HUSSAIN FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY UNIVERSITY OF MALAYA UniversityKUALA LUMPUR of Malaya 2017 A SECURITY FRAMEWORK FOR MOBILE HEALTH APPLICATIONS ON ANDROID PLATFORM MUZAMMIL HUSSAIN THESIS SUBMITTED IN FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY UNIVERSITY OF MALAYA UniversityKUALA LUMPUR of Malaya 2017 UNIVERSITY OF MALAYA ORIGINAL LITERARY WORK DECLARATION Name of Candidate: Muzammil Hussain Matric No: WHA130038 Name of Degree: Doctor of Philosophy Title of Project Paper/Research Report/Dissertation/Thesis (“this Work”): A SECURITY FRAMEWORK FOR MOBILE HEALTH APPLICATIONS ON ANDROID PLATFORM Field of Study: Network Security (Computer Science) I do solemnly and sincerely declare that: (1) I am the sole author/writer of this Work; (2) This Work is original; (3) Any use of any work in which copyright exists was done by way of fair dealing and for permitted purposes and any excerpt or extract from, or reference to or reproduction of any copyright work has been disclosed expressly and sufficiently and the title of the Work and its authorship have been acknowledged in this Work; (4) I do not have any actual knowledge nor do I ought reasonably to know that the making of this work constitutes an infringement of any copyright work; (5) I hereby assign all and every rights in the copyright to this Work to the University of Malaya (“UM”), who henceforth shall be owner of the copyright in this Work and that any reproduction or use in any form or by any means whatsoever is prohibited without the written consent of UM having been first had and obtained; (6) I am fully aware that if in the course of making this Work I have infringed any copyright whether intentionally or otherwise, I may be subject to legal action or any other action as may be determined by UM.
    [Show full text]
  • Understanding and Detecting Wake Lock Misuses for Android Applications
    ✓ Artifact evaluated by FSE Understanding and Detecting Wake Lock Misuses for Android Applications Yepang Liux Chang Xu‡ Shing-Chi Cheungx Valerio Terragnix xDept. of Comp. Science and Engineering, The Hong Kong Univ. of Science and Technology, Hong Kong, China ‡State Key Lab for Novel Software Tech. and Dept. of Comp. Sci. and Tech., Nanjing University, Nanjing, China x{andrewust, scc*, vterragni}@cse.ust.hk, ‡[email protected]* ABSTRACT over slow network connections, it may take a while for the transaction to complete. If the user's smartphone falls asleep Wake locks are widely used in Android apps to protect crit- while waiting for server messages and does not respond in ical computations from being disrupted by device sleeping. time, the transaction will fail, causing poor user experience. Inappropriate use of wake locks often seriously impacts user To address this problem, modern smartphone platforms al- experience. However, little is known on how wake locks are low apps to explicitly control when to keep certain hardware used in real-world Android apps and the impact of their mis- awake for continuous computation. On Android platforms, uses. To bridge the gap, we conducted a large-scale empiri- wake locks are designed for this purpose. Specifically, to keep cal study on 44,736 commercial and 31 open-source Android certain hardware awake for computation, an app needs to ac- apps. By automated program analysis and manual investi- quire a corresponding type of wake lock from the Android gation, we observed (1) common program points where wake OS (see Section 2.2). When the computation completes, the locks are acquired and released, (2) 13 types of critical com- app should release the acquired wake locks properly.
    [Show full text]
  • Privatumo Apsaugos Metodas Nuo Buvimo Vietos Nustatymo Mobiliesiems Įrenginiams Baigiamasis Magistro Studijų Projektas
    Kauno technologijos universitetas Informatikos fakultetas Privatumo apsaugos metodas nuo buvimo vietos nustatymo mobiliesiems įrenginiams Baigiamasis magistro studijų projektas Deimantė Zemeckytė Projekto autorė Prof. Jevgenijus Toldinas Vadovas Kaunas, 2021 Kauno technologijos universitetas Informatikos fakultetas Privatumo apsaugos metodas nuo buvimo vietos nustatymo mobiliesiems įrenginiams Magistro studijų projektas Informacijos ir informaciniu technologijų sauga (621E10003) Deimantė Zemeckytė Projekto autorė Prof. Jevgenijus Toldinas Vadovas Doc. Statys Maciulevičius Recenzentas Kaunas, 2021 2 Kauno technologijos universitetas Informatikos fakultetas Deimantė Zemeckytė Privatumo apsaugos metodas nuo buvimo vietos nustatymo mobiliesiems įrenginiams Akademinio sąžiningumo deklaracija Patvirtinu, kad mano, Deimantė Zemeckytė, baigiamasis projektas tema „Privatumo apsaugos metodas nuo buvimo vietos nustatymo mobiliesiems įrenginiams“ yra parašytas visiškai savarankiškai ir visi pateikti duomenys ar tyrimų rezultatai yra teisingi ir gauti sąžiningai. Šiame darbe nei viena dalis nėra plagijuota nuo jokių spausdintinių ar internetinių šaltinių, visos kitų šaltinių tiesioginės ir netiesioginės citatos nurodytos literatūros nuorodose. Įstatymų nenumatytų piniginių sumų už šį darbą niekam nesu mokėjęs. Aš suprantu, kad išaiškėjus nesąžiningumo faktui, man bus taikomos nuobaudos, remiantis Kauno technologijos universitete galiojančia tvarka. Deimantė Zemeckytė (vardą ir pavardę įrašyti ranka) (parašas) Deimantė Zemeckytė. Privatumo apsaugos
    [Show full text]
  • Preventing Duplicate Bug Reports by Continuously Querying Bug Reports
    EMSE manuscript No. (will be inserted by the editor) Preventing Duplicate Bug Reports by Continuously Querying Bug Reports Abram Hindle · Curtis Onuczko Received: date / Accepted: date Abstract Bug deduplication or duplicate bug report detection is a hot topic in software engineering information retrieval research, but it is often not de- ployed. Typically to de-duplicate bug reports developers rely upon the search capabilities of the bug report software they employ, such as Bugzilla, Jira, or Github Issues. These search capabilities range from simple SQL string search to IR-based word indexing methods employed by search engines. Yet too often these searches do very little to stop the creation of duplicate bug reports. Some bug trackers have more than 10% of their bug reports marked as duplicate. Perhaps these bug tracker search engines are not enough? In this paper we propose a method of attempting to prevent duplicate bug reports before they start: continuously querying. That is as the bug reporter types in their bug report their text is used to query the bug database to find duplicate or related bug reports. This continuously querying bug reports allows the reporter to be alerted to duplicate bug reports as they report the bug, rather than formulat- ing queries to find the duplicate bug report. Thus this work ushers in a new way of evaluating bug report deduplication techniques, as well as a new kind of bug deduplication task. We show that simple IR measures can address this problem but also that further research is needed to refine this novel process that is integrate-able into modern bug report systems.
    [Show full text]
  • Geo-Tracking Tracking Routes, Syncing Coordinates
    geo-tracking tracking routes, syncing coordinates overview: If you are taking photos with a device that does not have a built in GPS, you can add geographic coordinates to those photos by associating those images with a recording of your route from a device that has GPS capabilities. This is useful when you have a camera with no built-in GPS but you do have a cell phone with GPS capabilities or a stand-alone GPS device. Because both your photos and the recording of your route include time information, the photos can look to a file of your route — a GPX file — and see where you were, when, and thus where you were when each photo was taken. For this to work, the date and time on the device recording images and the device recording your route should be closely synced. creating a route: There are numerous applications for Android and iOS that allow you to record geographical routes and export that information. Here we are using the app My Tracks for Android (myTracks for iOS). It is free and works well enough for our purposes. Once you have synced your phone and camera clocks, hit the red record button on the My Tracks app. By default, the app will continue to record your route until you tell it to stop. Go for a walk, car trip, or jet ski ride and take some photos as you go (though please not while you’re driving). When you have finished your route and taking photos, hit the stop button. You will be prompted to give your route a name.
    [Show full text]
  • An Android Application for Capturing Mobility Behavior
    EasyTracker: An Android application for capturing mobility behavior Alexandros Doulamis Nikos Pelekis Yannis Theodoridis Dept. of Informatics Dept. of Statistics & Insurance Sci. Dept. of Informatics University of Piraeus University of Piraeus University of Piraeus Piraeus, Greece Piraeus, Greece Piraeus, Greece [email protected] [email protected] [email protected] Abstract — This paper presents EasyTracker, a mobile EasyTracker provides end users with personalized privacy application developed for the Android O/S that enable the functionality [8]. storage, analysis and map visualization of routes of mobile The second key functionality is that EasyTracker allows users. Furthermore, it enable users to manually annotate part a user to annotate parts of her track with labels and therefore of their routes with labels describing their activity and to describe her current activity (e.g. “stopped at café A”, behavior (e.g. “home having breakfast”, “travelling by car to “driving towards office”) [9]. Such feature can turn out to be work”, etc.). Of equal importance, the application encapsulates very useful for automatic fill-in of surveys performed in several state-of-the-art line simplification algorithms for transportation science or for researchers working on activity compressing the trajectories drawn from collected GPS recognition who are usually restricted to use manually records, as well as segmenting trajectories into homogeneous processed surveys. parts in order to facilitate automatic auditing of the user’s manual annotation. Third, EasyTracker encapsulates state-of-the-art algorithms that process in an online fashion the received Keywords - EasyTracker; GPS data; trajectory; path; track; stream of GPS recordings and transforms it into meaningful privacy; compression; segmentation; Android OS tracks, ready to be stored into a trajectory database [10] for further analysis.
    [Show full text]
  • Edoctor: Automatically Diagnosing Abnormal Battery Drain Issues on Smartphones
    eDoctor: Automatically Diagnosing Abnormal Battery Drain Issues on Smartphones Xiao Ma∗†, Peng Huang∗, Xinxin Jin∗, Pei Wang‡, Soyeon Park∗, Dongcai Shen∗ Yuanyuan Zhou∗, Lawrence K. Saul∗ and Geoffrey M. Voelker∗ ∗Univ. of California at San Diego, †Univ. of Illinois at Urbana-Champaign, ‡Peking Univ., China Abstract profiling [18, 36, 46, 52], energy efficient hardware [21, 30], operating systems [7, 10, 15, 29, 42, 49, 50, 51], lo- The past few years have witnessed an evolutionary cation services [14, 20, 26, 31], displays [5, 17] and net- change in the smartphone ecosystem. Smartphones have working [4, 6, 32, 41, 43]. Previous work has achieved gone from closed platforms containing only pre-installed notable improvements in smartphone battery life, yet the applications to open platforms hosting a variety of third- focus has primarily been on normal usage, i.e., where the party applications. Unfortunately, this change has also led energy used is needed for normal operation. to a rapidincrease in Abnormal Battery Drain (ABD) prob- In this work, we address an under-explored, yet emerg- lems that can be caused by software defects or miscon- ing type of battery problem on smartphones – Abnormal figuration. Such issues can drain a fully-charged battery Battery Drain (ABD). within a couple of hours, and can potentially affect a sig- nificant number of users. This paper presents eDoctor, a practical tool that helps 1.1 Abnormal Battery Drain Issues regular users troubleshoot abnormal battery drain issues on smartphones. eDoctor leverages the concept of exe- ABD refers to abnormally fast draining of a smartphone’s cution phases to capture an app’s time-varying behavior, battery that is not caused by normal resource usage.
    [Show full text]
  • Appropriate Obfuscation of Location Information on an Application Level for Mobile Devices
    Appropriate obfuscation of location information on an application level for mobile devices Empower user to regain control of their location privacy DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering & Internet Computing eingereicht von Christoph Hochreiner Matrikelnummer 0726292 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Privatdoz. Dipl.-Ing. Mag.rer.soc.oec. Dr.techn. Edgar Weippl Mitwirkung: Univ. Lektor Dr.techn. Markus Huber, MSc Wien, TODOTT.MM.JJJJ (Unterschrift Verfasser) (Unterschrift Betreuung) Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Appropriate obfuscation of location information on an application level for mobile devices Empower user to regain control of their location privacy MASTER’S THESIS submitted in partial fulfillment of the requirements for the degree of Diplom-Ingenieur in Software Engineering & Internet Computing by Christoph Hochreiner Registration Number 0726292 to the Faculty of Informatics at the Vienna University of Technology Advisor: Privatdoz. Dipl.-Ing. Mag.rer.soc.oec. Dr.techn. Edgar Weippl Assistance: Univ. Lektor Dr.techn. Markus Huber, MSc Vienna, TODOTT.MM.JJJJ (Signature of Author) (Signature of Advisor) Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Erklärung zur Verfassung der Arbeit Christoph Hochreiner Jungerstraße 16, 4950 Altheim Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die verwende- ten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit - einschließlich Tabellen, Karten und Abbildungen -, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Ent- lehnung kenntlich gemacht habe.
    [Show full text]
  • Enregister Ses Randonnees
    ENREGISTER SES RANDONNEES Objectif : cataloguer les tracés des sorties dans le but de les exploiter, de les effectuer de nouveau ou de les partager avec d’autres Pour enregistrer une trace GPS avec son smartphone : télécharger l’application Mes Parcours de Google (simple et gratuite) : https://play.google.com/store/apps/details?id=com.google.android.maps.mytracks Utiliser MesParcours Activer le GPS sur son Lancer l’application Cliquer sur le bouton rouge Le Smartphone commence à Smartphone MesParcours REC pour démarrer enregistrer le parcours l’enregistrement Arrêter l’enregistrement en fin de parcours en cliquant sur le bouton STOP Traces de la randonnée Trois onglets donnent accès … au Graphique, … …et aux Statistiques Saisir les informations à la Carte, … demandées … et éventuellement …en complétant son adresse …. ou le visionner sur partager le fichier de la email…. Google Earth … randonnée par email …. Exploiter ses traces sur son ordinateur Pour télécharger Google Earth (gratuit) : http://www.google.fr/intl/fr/earth/index.html Afficher ses traces GPS avec Google Earth : Enregistrer le tracé sur son ordinateur Lancer le logiciel Google Earth Sélectionner le menu Fichier>Ouvrir En bas de la boîte de dialogue, Rechercher le fichier gpx, kmz ou kml sur Google Earth affiche la trace sélectionner Fichier de type : Gps (*.gpx, l’ordinateur, le sélectionner ou saisir son GPS sur un fond d’image *.loc, *.mps), ou Google Earth nom puis cliquer sur Ouvrir satellite (*.kml*.kmz…) Masquer la Cliquer barre latérale Mesurer avec la règle pour regarder autour de soiCliquer pour se déplacer Envoyer ou imprimer Faire glisser Ajouter un repère, un polygone, un trajet, une couche d’information, enregistrer une le curseur Enregistrer l’image ou cliquer visite sur les Aller dans Google maps boutons Utiliser la barre d’outils pour zoomer Utiliser les curseurs et boutons Avant d’effectuer un survol du ……Configurer la visite 3D Lancer la visite en 3D tracé….
    [Show full text]
  • Em-Arch: a System Architecture for Reproducible and Extensible Collection of Human Mobility Data
    em-arch: A system architecture for reproducible and extensible collection of human mobility data Kalyanaraman Shankari Pavan Yedavalli Ipsita Banerjee Taha Rashidi Randy H. Katz Paul Waddell David E. Culler Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2019-88 http://www2.eecs.berkeley.edu/Pubs/TechRpts/2019/EECS-2019-88.html May 20, 2019 Copyright © 2019, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Acknowledgement In addition to NSF CISE Expeditions Award CCF-1730628, this research is supported in part by gifts from Alibaba, Amazon Web Services, Ant Financial, Arm, CapitalOne, Ericsson, Facebook, Google, Huawei, Intel, Microsoft, Scotiabank, Splunk and VMware. This work was also supported in part by the CONIX Research Center, one of six centers in JUMP, a Semiconductor Research Corporation (SRC) program sponsored by DARPA. em-arch: A system architecture for reproducible and extensible collection of human mobility data January 22, 2019 1 Abstract did you take?", or \How long did it take you?". The 37 origins and destinations of travelers, the time it takes 38 2 Smartphones have revolutionized transportation for to travel, the cost and purpose, and other trip char- 39 3 travelers by providing mapping services that tell users acteristics have historically been collected through 40 4 how to get to a specific destination as well as ride- travel surveys, which form the practice standard for 41 5 hailing services that help them get there.
    [Show full text]