Benign Apps Can Hide a Nefarious Secret
Benign Apps Can Hide a Nefarious Secret
September 29, 2016
CyberWire — Yisroel Mirsky, a BGU Ph.D. candidate and researcher at the University’s Cyber Security Research Center, returned recently to the CyberWire podcast to discuss how even the most harmless seeming apps can leech data from a user’s phone.
According to the researcher, many apps are harboring a secret, in that they don’t have to ask permission to obtain data from a phone’s motion sensors.
Yisroel Mirsky
“When you download or install a new application it asks you for certain permissions,” he says. “But there is one set of permissions an application doesn’t need to ask for, and that’s access to motion sensors.”
“You can download, for example, the classic flashlight application and it will say that it doesn’t require special permission so it seems rather benign. Meanwhile it is recording all the motion from your accelerometer and your gyroscope, and trying to infer personal information about you.”
But how much information can really be gleaned from the motion on a phone? According to Mirsky, quite a lot.
“One of the things we found in our labs was that we were able to determine a person’s gender just by the acceleration of the device over the day.”
This is Mirsky’s second appearance on the podcast since CyberWire and BGU became academic partners.
Listen at 8:40 for the discussion with Yisroel Mirsky:
Stories Like This
