{"id":"https://openalex.org/W3213350640","doi":"https://doi.org/10.1145/3460120.3485366","title":"This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration","display_name":"This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3213350640","doi":"https://doi.org/10.1145/3460120.3485366","mag":"3213350640"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3485366","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3485366","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3485366","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3485366","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011514684","display_name":"Michalis Diamantaris","orcid":null},"institutions":[{"id":"https://openalex.org/I4210127348","display_name":"FORTH Institute of Electronic Structure and Laser","ror":"https://ror.org/02a3mhk13","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210127348","https://openalex.org/I8901234"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Michalis Diamantaris","raw_affiliation_strings":["FORTH, Heraklion, Crete, Greece"],"affiliations":[{"raw_affiliation_string":"FORTH, Heraklion, Crete, Greece","institution_ids":["https://openalex.org/I4210127348"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059481499","display_name":"Serafeim Moustakas","orcid":null},"institutions":[{"id":"https://openalex.org/I4210127348","display_name":"FORTH Institute of Electronic Structure and Laser","ror":"https://ror.org/02a3mhk13","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210127348","https://openalex.org/I8901234"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Serafeim Moustakas","raw_affiliation_strings":["FORTH, Heraklion, Crete, Greece"],"affiliations":[{"raw_affiliation_string":"FORTH, Heraklion, Crete, Greece","institution_ids":["https://openalex.org/I4210127348"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015105117","display_name":"Lichao Sun","orcid":"https://orcid.org/0000-0003-1539-7939"},"institutions":[{"id":"https://openalex.org/I186143895","display_name":"Lehigh University","ror":"https://ror.org/012afjb06","country_code":"US","type":"education","lineage":["https://openalex.org/I186143895"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lichao Sun","raw_affiliation_strings":["Lehigh University, Bethlehem, PA, USA"],"affiliations":[{"raw_affiliation_string":"Lehigh University, Bethlehem, PA, USA","institution_ids":["https://openalex.org/I186143895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022073151","display_name":"Sotiris Ioannidis","orcid":"https://orcid.org/0000-0001-9340-2241"},"institutions":[{"id":"https://openalex.org/I55741626","display_name":"Technical University of Crete","ror":"https://ror.org/03f8bz564","country_code":"GR","type":"education","lineage":["https://openalex.org/I55741626"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Sotiris Ioannidis","raw_affiliation_strings":["Technical University of Crete, Chania, Crete, Greece"],"affiliations":[{"raw_affiliation_string":"Technical University of Crete, Chania, Crete, Greece","institution_ids":["https://openalex.org/I55741626"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018209439","display_name":"Jason Polakis","orcid":"https://orcid.org/0000-0001-5034-0730"},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Polakis","raw_affiliation_strings":["University of Illinois at Chicago, Chicago, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Chicago, Chicago, IL, USA","institution_ids":["https://openalex.org/I39422238"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5011514684"],"corresponding_institution_ids":["https://openalex.org/I4210127348"],"apc_list":null,"apc_paid":null,"fwci":1.08,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.77716846,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1065","last_page":"1081"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11896","display_name":"Opportunistic and Delay-Tolerant Networks","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.839645504951477},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6982169151306152},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.5535286068916321},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5531524419784546},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.525890052318573},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5200169086456299},{"id":"https://openalex.org/keywords/app-store","display_name":"App store","score":0.5131576657295227},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4861154556274414},{"id":"https://openalex.org/keywords/android-app","display_name":"Android app","score":0.4700780212879181},{"id":"https://openalex.org/keywords/information-sensitivity","display_name":"Information sensitivity","score":0.4531959295272827},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4302123486995697},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3621594309806824},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.18730708956718445}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.839645504951477},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6982169151306152},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.5535286068916321},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5531524419784546},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.525890052318573},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5200169086456299},{"id":"https://openalex.org/C2779794324","wikidata":"https://www.wikidata.org/wiki/Q3814081","display_name":"App store","level":2,"score":0.5131576657295227},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4861154556274414},{"id":"https://openalex.org/C2988045736","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android app","level":3,"score":0.4700780212879181},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.4531959295272827},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4302123486995697},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3621594309806824},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.18730708956718445},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3460120.3485366","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3485366","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3485366","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3460120.3485366","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3485366","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3485366","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","display_name":"Responsible consumption and production","score":0.5899999737739563}],"awards":[{"id":"https://openalex.org/G2924814308","display_name":null,"funder_award_id":"CNS-1934597","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2980348971","display_name":"SaTC: CORE: Small: Black-Box Flaw Discovery in Web Authentication and Authorization Mechanisms","funder_award_id":"1934597","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6453977571","display_name":null,"funder_award_id":"777855, 830927, 833683","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3213350640.pdf","grobid_xml":"https://content.openalex.org/works/W3213350640.grobid-xml"},"referenced_works_count":66,"referenced_works":["https://openalex.org/W95608104","https://openalex.org/W1533974647","https://openalex.org/W1536711614","https://openalex.org/W1665214252","https://openalex.org/W1744020988","https://openalex.org/W1966175380","https://openalex.org/W1984816986","https://openalex.org/W1991685971","https://openalex.org/W2018157642","https://openalex.org/W2032616120","https://openalex.org/W2049266248","https://openalex.org/W2073445898","https://openalex.org/W2074367177","https://openalex.org/W2090465075","https://openalex.org/W2099468260","https://openalex.org/W2107816859","https://openalex.org/W2108328714","https://openalex.org/W2122837018","https://openalex.org/W2123437505","https://openalex.org/W2147063679","https://openalex.org/W2150097065","https://openalex.org/W2150639461","https://openalex.org/W2157286909","https://openalex.org/W2158705880","https://openalex.org/W2167661907","https://openalex.org/W2197053955","https://openalex.org/W2208157769","https://openalex.org/W2294170611","https://openalex.org/W2401233188","https://openalex.org/W2498667172","https://openalex.org/W2503791111","https://openalex.org/W2508271471","https://openalex.org/W2509042760","https://openalex.org/W2535603283","https://openalex.org/W2553915786","https://openalex.org/W2559753054","https://openalex.org/W2572078890","https://openalex.org/W2574536453","https://openalex.org/W2605278663","https://openalex.org/W2612281133","https://openalex.org/W2619786436","https://openalex.org/W2754689772","https://openalex.org/W2764029594","https://openalex.org/W2765339069","https://openalex.org/W2766315610","https://openalex.org/W2782918258","https://openalex.org/W2794804810","https://openalex.org/W2796498984","https://openalex.org/W2805638371","https://openalex.org/W2810490099","https://openalex.org/W2890010784","https://openalex.org/W2891928976","https://openalex.org/W2912892598","https://openalex.org/W2913135383","https://openalex.org/W2923317037","https://openalex.org/W3039204255","https://openalex.org/W3087940105","https://openalex.org/W3100137403","https://openalex.org/W3106490093","https://openalex.org/W3138613405","https://openalex.org/W3160863695","https://openalex.org/W4230625568","https://openalex.org/W4235096090","https://openalex.org/W4289038676","https://openalex.org/W4298112463","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W3142571737","https://openalex.org/W2605037362","https://openalex.org/W3173766926","https://openalex.org/W3120409491","https://openalex.org/W3035615288","https://openalex.org/W1934710228","https://openalex.org/W2965323276","https://openalex.org/W2327231718","https://openalex.org/W2022990508","https://openalex.org/W4391184016"],"abstract_inverted_index":{"Mobile":[0],"sensors":[1,25,250],"have":[2,191],"transformed":[3],"how":[4,138],"users":[5],"interact":[6],"with":[7],"modern":[8,59],"smartphones":[9],"and":[10,38,66,95,116,162,202,256,297,313],"enhance":[11],"their":[12],"overall":[13],"experience.":[14],"However,":[15],"the":[16,58,89,127,167,170,173,175,184,213,216,221,226,235,239,253,281,292,306],"absence":[17],"of":[18,29,45,131,263,274],"sufficient":[19],"access":[20,129,203,310],"control":[21,130,204,311],"for":[22,75,92,238,308],"protecting":[23],"these":[24],"enables":[26],"a":[27,42,83,260,269],"plethora":[28],"threats.":[30],"As":[31],"prior":[32],"work":[33],"has":[34],"shown,":[35],"malicious":[36],"apps":[37,64,120,278],"sites":[39],"can":[40,72,142,232,244],"deploy":[41],"wide":[43],"range":[44],"attacks":[46,97,103],"that":[47,87,98,121,206,289],"use":[48,73],"data":[49,133,141,164,209,299],"captured":[50],"from":[51,248,301],"sensors.":[52,101],"Unfortunately,":[53],"as":[54,229,252],"we":[55,81,190,267],"demonstrate,":[56],"in":[57,134,155,195,277,280,291],"app":[60,110,171,181,197,214],"ecosystem":[61,91],"where":[62],"most":[63],"fetch":[65],"render":[67],"third-party":[68],"web":[69],"content,":[70],"attackers":[71],"ads":[74,231,275,290],"delivering":[76,93],"attacks.":[77],"In":[78],"this":[79,264],"paper,":[80],"introduce":[82],"novel":[84],"attack":[85,158],"vector":[86],"misuses":[88],"advertising":[90],"sophisticated":[94],"stealthy":[96],"leverage":[99],"mobile":[100],"These":[102],"do":[104],"not":[105],"depend":[106],"on":[107,183,234],"any":[108],"special":[109],"permissions":[111,236],"or":[112,223],"specific":[113],"user":[114],"actions,":[115],"affect":[117],"all":[118],"Android":[119,180,283],"contain":[122],"in-app":[123,230],"advertisements":[124],"due":[125],"to":[126,145,220],"improper":[128],"sensor":[132,140],"WebView.":[135],"We":[136],"outline":[137],"motion":[139,302],"be":[143],"used":[144],"infer":[146],"users'":[147],"sensitive":[148],"touch":[149],"input":[150],"(e.g.,":[151],"credit":[152],"card":[153],"information)":[154],"two":[156],"distinct":[157],"scenarios,":[159],"namely":[160],"intra-app":[161],"inter-app":[163],"exfiltration.":[165],"While":[166],"former":[168],"targets":[169],"displaying":[172],"ad,":[174],"latter":[176],"affects":[177],"every":[178],"other":[179],"running":[182],"device.":[185],"To":[186,258],"make":[187],"matters":[188],"worse,":[189],"uncovered":[192],"serious":[193],"flaws":[194],"Android's":[196],"isolation,":[198],"life":[199],"cycle":[200],"management,":[201],"mechanisms":[205],"enable":[207],"persistent":[208],"exfiltration":[210],"even":[211],"after":[212],"showing":[215],"ad":[217],"is":[218],"moved":[219],"background":[222],"terminated":[224],"by":[225],"user.":[227],"Furthermore,":[228],"\"piggyback\"":[233],"intended":[237],"app's":[240],"core":[241],"functionality,":[242],"they":[243],"also":[245],"obtain":[246],"information":[247],"protected":[249],"such":[251],"camera,":[254],"microphone":[255],"GPS.":[257],"provide":[259],"comprehensive":[261],"assessment":[262],"emerging":[265],"threat,":[266],"conduct":[268],"large-scale,":[270],"end-to-end,":[271],"dynamic":[272],"analysis":[273],"shown":[276],"available":[279],"official":[282],"Play":[284],"Store.":[285],"Our":[286],"study":[287],"reveals":[288],"wild":[293],"are":[294],"already":[295],"accessing":[296],"leaking":[298],"obtained":[300],"sensors,":[303],"thus":[304],"highlighting":[305],"need":[307],"stricter":[309],"policies":[312],"isolation":[314],"mechanisms.":[315]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}