AirGuard -- Protecting Android Users From Stalking Attacks By Apple Find My Devices

• URL: http://arxiv.org/abs/2202.11813v1
• Date: Wed, 23 Feb 2022 22:31:28 GMT
• Title: AirGuard -- Protecting Android Users From Stalking Attacks By Apple Find My Devices
• Authors: Alexander Heinrich, Niklas Bittner, Matthias Hollick
• Abstract summary: We reverse engineer Apple's tracking protection in iOS and discuss its features regarding stalking detection. We design "AirGuard" and release it as an Android app to protect against abuse by Apple tracking devices.
• Score: 78.08346367878578
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Finder networks in general, and Apple's Find My network in particular, can pose a grave threat to users' privacy and even health if these networks are abused for stalking. Apple's release of the AirTag, a very affordable tracker covered by the nearly ubiquitous Find My network, amplified this issue. While Apple provides a stalking detection feature within its ecosystem, billions of Android users are still left in the dark. Apple recently released the Android app "Tracker Detect," which does not deliver a convincing feature set for stalking protection. We reverse engineer Apple's tracking protection in iOS and discuss its features regarding stalking detection. We design "AirGuard" and release it as an Android app to protect against abuse by Apple tracking devices. We compare the performance of our solution with the Apple-provided one in iOS and study the use of AirGuard in the wild over multiple weeks using data contributed by tens of thousands of active users.

Related papers

• Obfuscated Location Disclosure for Remote ID Enabled Drones [57.66235862432006]
  We propose Obfuscated Location disclOsure for RID-enabled drones (OLO-RID) Instead of disclosing the actual drone's location, drones equipped with OLO-RID disclose a differentially private obfuscated location in a mobile scenario. OLO-RID also extends RID messages with encrypted location information, accessible only by authorized entities.
  arXiv  Detail & Related papers  (2024-07-19T12:35:49Z)
• Securing the Invisible Thread: A Comprehensive Analysis of BLE Tracker Security in Apple AirTags and Samsung SmartTags [0.0]
  This study presents an in-depth analysis of the security landscape in Bluetooth Low Energy (BLE) tracking systems. Our investigation traverses a wide spectrum of attack vectors such as physical tampering, firmware exploitation, signal spoofing, eavesdropping, jamming, app security flaws, Bluetooth security weaknesses, location spoofing, threats to owner devices, and cloud-related vulnerabilities.
  arXiv  Detail & Related papers  (2024-01-24T16:50:54Z)
• Stop Following Me! Evaluating the Effectiveness of Anti-Stalking Features of Personal Item Tracking Devices [4.604003661048267]
  Personal item tracking devices are popular for locating lost items such as keys, wallets, and suitcases. They are now being abused by stalkers and domestic abusers to track their victims' location over time. Some device manufacturers created anti-stalking features' in response, and later improved on them after criticism that they were insufficient. We analyse the effectiveness of the anti-stalking features with five brands of tracking devices through a gamified quasi-experiment in collaboration with the Assassins' Guild student society.
  arXiv  Detail & Related papers  (2023-12-12T10:51:50Z)
• Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels [25.30364629335751]
  Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels. This paper addresses the impact of these changes on individual privacy and control by analysing two versions of 1,759 iOS apps from the UK App Store. We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring.
  arXiv  Detail & Related papers  (2022-04-07T16:32:58Z)
• SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
  Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset. Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data. We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
  arXiv  Detail & Related papers  (2022-03-29T02:56:40Z)
• Few-Shot Backdoor Attacks on Visual Object Tracking [80.13936562708426]
  Visual object tracking (VOT) has been widely adopted in mission-critical applications, such as autonomous driving and intelligent surveillance systems. We show that an adversary can easily implant hidden backdoors into VOT models by tempering with the training process. We show that our attack is resistant to potential defenses, highlighting the vulnerability of VOT models to potential backdoor attacks.
  arXiv  Detail & Related papers  (2022-01-31T12:38:58Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps [25.30364629335751]
  We present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. Third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law.
  arXiv  Detail & Related papers  (2021-09-28T13:40:32Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.