A First Look at Privacy Risks of Android Task-executable Voice Assistant Applications
- URL: http://arxiv.org/abs/2509.23680v1
- Date: Sun, 28 Sep 2025 06:47:06 GMT
- Title: A First Look at Privacy Risks of Android Task-executable Voice Assistant Applications
- Authors: Shidong Pan, Yikai Ge, Xiaoyu Sun,
- Abstract summary: This paper presents a user-centric comprehensive empirical study on privacy risks in Android task-executable VA applications.<n>We cross-check their privacy declarations across six sources, including privacy labels, policies, and manifest files.<n>We uncover three significant privacy threat models: (1) privacy misdisclosure in mega apps, where integrated mini apps such as Alexa skills are inadequately represented; (2) privilege escalation via inter-application interactions, which exploit Android's communication mechanisms to bypass user consent; and (3) abuse of Google system applications, enabling apps to evade the declaration of dangerous permissions.
- Score: 2.865294888425256
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: With the development of foundation AI technologies, task-executable voice assistants (VAs) have become more popular, enhancing user convenience and expanding device functionality. Android task-executable VAs are applications that are capable of understanding complex tasks and performing corresponding operations. Given their prevalence and great autonomy, there is no existing work examine the privacy risks within the voice assistants from the task-execution pattern in a holistic manner. To fill this research gap, this paper presents a user-centric comprehensive empirical study on privacy risks in Android task-executable VA applications. We collect ten mainstream VAs as our research target and analyze their operational characteristics. We then cross-check their privacy declarations across six sources, including privacy labels, policies, and manifest files, and our findings reveal widespread inconsistencies. Moreover, we uncover three significant privacy threat models: (1) privacy misdisclosure in mega apps, where integrated mini apps such as Alexa skills are inadequately represented; (2) privilege escalation via inter-application interactions, which exploit Android's communication mechanisms to bypass user consent; and (3) abuse of Google system applications, enabling apps to evade the declaration of dangerous permissions. Our study contributes actionable recommendations for practitioners and underscores broader relevance of these privacy risks to emerging autonomous AI agents.
Related papers
- "I need to learn better searching tactics for privacy policy laws.'' Investigating Software Developers' Behavior When Using Sources on Privacy Issues [8.662963983664223]
Our study highlights major shortcomings in existing support for privacy-related development tasks.<n>Based on our findings, we discuss the need for more accessible, understandable, and actionable privacy resources for developers.
arXiv Detail & Related papers (2025-11-11T09:58:06Z) - Effective and Stealthy One-Shot Jailbreaks on Deployed Mobile Vision-Language Agents [29.62914440645731]
We present a one-shot jailbreak attack that leverages in-app prompt injections.<n> malicious apps embed short prompts in UI text that remain inert during human interaction but are revealed when an agent drives the UI via ADB.<n>Our framework comprises three crucial components: (1) low-privilege perception-chain targeting, which injects payloads into malicious apps as the agent's visual inputs; (2) user-invisible activation, a touch-based trigger that discriminates agent from human touches using physical touch attributes and exposes the payload only during agent operation; and (3) one-shot prompt efficacy, a stealthy-guided, character-level
arXiv Detail & Related papers (2025-10-09T05:34:57Z) - "We are not Future-ready": Understanding AI Privacy Risks and Existing Mitigation Strategies from the Perspective of AI Developers in Europe [56.1653658714305]
We interviewed 25 AI developers based in Europe to understand which privacy threats they believe pose the greatest risk to users, developers, and businesses.<n>We find that there is little consensus among AI developers on the relative ranking of privacy risks.<n>While AI developers are aware of proposed mitigation strategies for addressing these risks, they reported minimal real-world adoption.
arXiv Detail & Related papers (2025-10-01T13:51:33Z) - AgentDAM: Privacy Leakage Evaluation for Autonomous Web Agents [75.85554113398626]
We introduce a new benchmark AgentDAM that measures if AI web-navigation agents follow the privacy principle of data minimization''<n>Our benchmark simulates realistic web interaction scenarios end-to-end and is adaptable to all existing web navigation agents.
arXiv Detail & Related papers (2025-03-12T19:30:31Z) - Assessing Privacy Compliance of Android Third-Party SDKs [16.975384208528972]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development.<n>This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information.<n>Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z) - PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories.<n>We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds.<n>State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
arXiv Detail & Related papers (2024-08-29T17:58:38Z) - Privacy Risks of General-Purpose AI Systems: A Foundation for Investigating Practitioner Perspectives [47.17703009473386]
Powerful AI models have led to impressive leaps in performance across a wide range of tasks.
Privacy concerns have led to a wealth of literature covering various privacy risks and vulnerabilities of AI models.
We conduct a systematic review of these survey papers to provide a concise and usable overview of privacy risks in GPAIS.
arXiv Detail & Related papers (2024-07-02T07:49:48Z) - Evaluating the Security and Privacy Risk Postures of Virtual Assistants [3.1943453294492543]
We evaluated the security and privacy postures of eight widely used voice assistants: Alexa, Braina, Cortana, Google Assistant, Kalliope, Mycroft, Hound, and Extreme.
Results revealed that these VAs are vulnerable to a range of security threats.
These vulnerabilities could allow malicious actors to gain unauthorized access to users' personal information.
arXiv Detail & Related papers (2023-12-22T12:10:52Z) - Security and Privacy Problems in Voice Assistant Applications: A Survey [10.10499765108625]
Security and privacy threats have emerged with the rapid development of the Internet of Things (IoT)
The security issues researched include attack techniques toward machine learning models and other hardware components widely used in voice assistant applications.
This paper concludes and assesses five kinds of security attacks and three types of privacy threats in the papers published in the top-tier conferences of cyber security and voice domain.
arXiv Detail & Related papers (2023-04-19T08:17:01Z) - An Empirical Study of AI Techniques in Mobile Applications [10.43634556488264]
We conducted the most extensive empirical study on AI applications, exploring on-device ML apps, on-device DL apps, and AI service-supported (cloud-based) apps.
Our study has strong implications for AI app developers, users, and AI R&D.
arXiv Detail & Related papers (2022-12-03T15:31:34Z) - SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset.
Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data.
We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
arXiv Detail & Related papers (2022-03-29T02:56:40Z) - Measuring the Effectiveness of Privacy Policies for Voice Assistant
Applications [12.150750035659383]
We conduct the first large-scale data analytics to systematically measure the effectiveness of privacy policies provided by voice-app developers.
We analyzed 64,720 Amazon Alexa skills and 2,201 Google Assistant actions.
Our findings reveal a worrisome reality of privacy policies in two mainstream voice-app stores.
arXiv Detail & Related papers (2020-07-29T03:17:51Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.