WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS. / Tileria , Marcos; Blasco, Jorge; Suarez-Tangil , Guillermo.

23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX, 2020.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Forthcoming

Standard

WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS. / Tileria , Marcos; Blasco, Jorge; Suarez-Tangil , Guillermo.

23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX, 2020.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

APA

Tileria , M., Blasco, J., & Suarez-Tangil , G. (Accepted/In press). WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020) USENIX. https://www.usenix.org/conference/raid2020/presentation/tileria

Vancouver

Tileria M, Blasco J, Suarez-Tangil G. WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS. In 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX. 2020

Author

Tileria , Marcos ; Blasco, Jorge ; Suarez-Tangil , Guillermo. / WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS. 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX, 2020.

BibTeX

@inproceedings{53dad8584904430fab2d73267d2e8135,
title = "WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS",
abstract = "Smartwatches and wearable technology have proliferated in the recent years featured by a seamless integration with a paired smartphone. Many mobile applications now come with a companion app that the mobile OS deploys on the wearable. These execution environments expand the context of mobile applications across more than one device, introducing new security and privacy issues. One such issue is that current information flow analysis techniques can not capture comms between devices. This can lead to undetected privacy leaks when developers use these channels to send sensitive data between devices.In this paper, we present WearFlow, a framework that uses static analysis to detect sensitive data flows across mobile and wearable companion apps in Android. WearFlow augments taint analysis capabilities to enable inter-device analysis of apps. WearFlow models proprietary libraries embedded in Google Play Services and instruments the mobile and wearable app to allow for a precise information flow analysis between them. We evaluate WearFlow on a test suite purposely designed to cover different scenarios for the communication Mobile-Wear, which we release as Wear-Bench. We also run WearFlow on 8K+ real-world apps and discover privacy violations in popular apps (10M+ downloads).",
author = "Marcos Tileria and Jorge Blasco and Guillermo Suarez-Tangil",
year = "2020",
month = may,
day = "27",
language = "English",
booktitle = "23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)",
publisher = "USENIX",

}

RIS

TY - GEN

T1 - WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS

AU - Tileria , Marcos

AU - Blasco, Jorge

AU - Suarez-Tangil , Guillermo

PY - 2020/5/27

Y1 - 2020/5/27

N2 - Smartwatches and wearable technology have proliferated in the recent years featured by a seamless integration with a paired smartphone. Many mobile applications now come with a companion app that the mobile OS deploys on the wearable. These execution environments expand the context of mobile applications across more than one device, introducing new security and privacy issues. One such issue is that current information flow analysis techniques can not capture comms between devices. This can lead to undetected privacy leaks when developers use these channels to send sensitive data between devices.In this paper, we present WearFlow, a framework that uses static analysis to detect sensitive data flows across mobile and wearable companion apps in Android. WearFlow augments taint analysis capabilities to enable inter-device analysis of apps. WearFlow models proprietary libraries embedded in Google Play Services and instruments the mobile and wearable app to allow for a precise information flow analysis between them. We evaluate WearFlow on a test suite purposely designed to cover different scenarios for the communication Mobile-Wear, which we release as Wear-Bench. We also run WearFlow on 8K+ real-world apps and discover privacy violations in popular apps (10M+ downloads).

AB - Smartwatches and wearable technology have proliferated in the recent years featured by a seamless integration with a paired smartphone. Many mobile applications now come with a companion app that the mobile OS deploys on the wearable. These execution environments expand the context of mobile applications across more than one device, introducing new security and privacy issues. One such issue is that current information flow analysis techniques can not capture comms between devices. This can lead to undetected privacy leaks when developers use these channels to send sensitive data between devices.In this paper, we present WearFlow, a framework that uses static analysis to detect sensitive data flows across mobile and wearable companion apps in Android. WearFlow augments taint analysis capabilities to enable inter-device analysis of apps. WearFlow models proprietary libraries embedded in Google Play Services and instruments the mobile and wearable app to allow for a precise information flow analysis between them. We evaluate WearFlow on a test suite purposely designed to cover different scenarios for the communication Mobile-Wear, which we release as Wear-Bench. We also run WearFlow on 8K+ real-world apps and discover privacy violations in popular apps (10M+ downloads).

M3 - Conference contribution

BT - 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)

PB - USENIX

ER -