WhiteLie: A Robust System for Spoofing User Data in Android Platforms
- URL: http://arxiv.org/abs/2512.01595v1
- Date: Mon, 01 Dec 2025 12:11:16 GMT
- Title: WhiteLie: A Robust System for Spoofing User Data in Android Platforms
- Authors: Harish Yadav, Vikas Maurya, Abhilash Jindal, Vireshwar Kumar
- Abstract summary: WhiteLie can spoof a variety of user data and feed it to target apps. It detects privacy-violating behaviours, automatically responding by supplying spoofed data instead of the user's real data. Unlike prior approaches, WhiteLie requires neither device rooting nor altering the app's binary, making it deployable on stock Android devices.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Android employs a permission framework that empowers users to either accept or deny sharing their private data (for example, location) with an app. However, many apps tend to crash when they are denied permission, leaving users no choice but to allow access to their data in order to use the app. In this paper, we introduce a comprehensive and robust user data spoofing system, WhiteLie, that can spoof a variety of user data and feed it to target apps. Additionally, it detects privacy-violating behaviours, automatically responding by supplying spoofed data instead of the user's real data, without crashing or disrupting the apps. Unlike prior approaches, WhiteLie requires neither device rooting nor altering the app's binary, making it deployable on stock Android devices. Through experiments on more than 70 popular Android apps, we demonstrate that WhiteLie is able to deceive apps into accepting spoofed data without getting detected. Our evaluation further demonstrates that WhiteLie introduces negligible overhead in terms of battery usage, CPU consumption, and app execution latency. Our findings underscore the feasibility of implementing user-centric privacy-enhancing mechanisms within the existing Android ecosystem.
Related papers
- Smartphone User Fingerprinting on Wireless Traffic
We propose U-Print, a novel attack system that can passively recognize smartphone apps, actions, and users from over-the-air MAC-layer frames. U-Print achieves an overall accuracy of 98.4% and an F1 score of 0.983 for user inference.
Date: 2025-11-05T06:36:16Z
- A Comprehensive Analysis of Evolving Permission Usage in Android Apps: Trends, Threats, and Ecosystem Insights
Despite official Android platform documentation on proper permission usage, there are still many cases of permission abuse. This study provides a comprehensive analysis of the Android permission landscape. By distinguishing between benign and malicious applications, we uncover developers' evolving strategies.
Date: 2025-08-04T02:54:10Z
- Personalized Language Model Learning on Text Data Without User Identifiers
We propose to let each mobile device maintain a user-specific distribution to dynamically generate user embeddings. To prevent the cloud from tracking users via uploaded embeddings, the local distributions of different users should either be derived from a linearly dependent space. Evaluation on both public and industrial datasets reveals a remarkable improvement in accuracy from incorporating anonymous user embeddings.
Date: 2025-01-10T15:46:19Z
- Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers
This paper highlights that delivery receipts can pose significant privacy risks to users. We use specifically crafted messages that trigger delivery receipts allowing any user to be pinged without their knowledge or consent. We argue for a design change to address this issue.
Date: 2024-11-17T22:58:28Z
- Do Android App Developers Accurately Report Collection of Privacy-Related Data?
The European Union's General Data Protection Regulation requires vendors to faithfully disclose the data their apps collect.
Many Android apps use third-party code for which the same information is not readily available.
We first expose a multi-layered definition of privacy-related data to correctly report collection in Android apps.
We then create a dataset of privacy-sensitive data classes that may be used as input by an Android app.
Date: 2024-09-06T10:05:45Z
- Exercising the CCPA Opt-out Right on Android: Legally Mandated but Practically Challenging
The California Consumer Privacy Act (CCPA) gives consumers a right to opt out of the selling and sharing of their personal information. We evaluate to which extent popular apps on the Android platform enable users to exercise their CCPA opt-out right.
Date: 2024-07-20T17:06:23Z
- The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services
This study investigated secure messaging apps' usage of Google's Firebase Cloud Messaging (FCM) service to send push notifications to Android devices.
We analyzed 21 popular secure messaging apps from the Google Play Store to determine what personal information these apps leak in the payload of push notifications sent via FCM.
None of the data we observed being leaked to FCM was specifically disclosed in those apps' privacy disclosures.
Date: 2024-07-15T10:13:30Z
- Black-box Dataset Ownership Verification via Backdoor Watermarking
We formulate the protection of released datasets as verifying whether they are adopted for training a (suspicious) third-party model.
We propose to embed external patterns via backdoor watermarking for the ownership verification to protect them.
Specifically, we exploit poison-only backdoor attacks (e.g., BadNets) for dataset watermarking and design a hypothesis-test-guided method for dataset verification.
Date: 2022-08-04T05:32:20Z
- Analysis of Longitudinal Changes in Privacy Behavior of Android Applications
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
Date: 2021-12-28T16:21:31Z
- Federated Learning-based Active Authentication on Mobile Devices
User active authentication on mobile devices aims to learn a model that can correctly recognize the enrolled user based on device sensor information.
We propose a novel user active authentication training, termed as Federated Active Authentication (FAA).
We show that existing FL/SL methods are suboptimal for FAA as they rely on the data to be distributed homogeneously.
Date: 2021-04-14T22:59:08Z
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
Date: 2020-06-10T16:05:05Z
- Decentralized Privacy-Preserving Proximity Tracing
DP3T provides a technological foundation to help slow the spread of SARS-CoV-2.
The system aims to minimise privacy and security risks for individuals and communities.
Date: 2020-05-25T12:32:02Z