Apps you download to see can see you too! – Smartphone Sensor Exploitation!

‘Whatever you do, there is someone watching over you from the above. That someone is God.’ We were told this by our parents when we were kids so as to stop us from doing any mischief. Well, I do not know if God really watches over us or is that saying still taught to kids of today’s generation but what still remains true is – ‘Someone is watching you!’

Technology has been a factor that can be considered as a catalyst in the reaction of development. Advancement in this field yields productivity and efficiency. Major advancements are carried on mobile phones due to it turning into a necessity.

Just like Google is the ultimate destination for all our questions, mobile phones are being turned into a device capable of all telecommunication and infotainment needs. From phones being just used for calling and that too with a bulky size, now has turned into a much compact version with dozens of functionalities.

With the pace in which the Internet has advanced, we see our world getting connected faster. Or is it not? This discussion would require an individual blog post so let’s just leave this for a moment. But, ponder over it.

With the expansion of the Internet and its accessibility on mobile phones, all the companies are trying to have their applications that could be easily accessed by users. They have realized the restless and hectic lives of people and the need of having a mobile application.

Do you see people sitting for hours on a fixed computer just for checking e-mails and stuff? If you do, then you are way behind time. There is a rapid increase in the number of users shifting from stationary internet devices to the mobile internet. And of these mobile internet users, 85% people prefer to use different apps over default web browser for their daily news and entertainment.

The Era of Smartphone Sensors

What makes our smartphones smart? Let us cut short the chase and answer it in a simple word – Sensors; a bulk of sensors.

For the general public, sensors are just small chips or tech devices that are capable of measuring any physical quantity and then converting it into digital data. The physical quantity comes from you or the surrounding and is converted into digital data which can be seen on the phone or be sent to the mobile applications.

Apps you download to see can see you too

Ever wondered how your phone is able to track your location or how you are able to track how many steps you have taken or how many miles you have run? These are a few of a lot more things the phone is capable to do with these sensors.

Which sensors your smartphone sports?

The basic sensors are the movement ones which includes but not limited to, accelerometer – movement measurement. Gyroscope acts as a hand in giving a little more accuracy to accelerometer by providing angular measurement across the three axes. For the phone to know where you are, it uses the magnetometer which detects the magnetic north. It could also have a GPS chip.

When you have your phone close to your ear, the screen blacks out. how does it know? The sensor responsible for such activities is the proximity sensor. There are also advancements in the quality of taking pictures for example face detection, which is also with the help of sensors.

The price you pay for the phone is mainly for these sensors that come build with it. These make your phone smart. But how these sensors are being used is something which we are here to talk about. Are you paying money for the applications to see what you are doing?

smartphone sensor exploit

Image Source: CornerAlliance

In the article by TechRadar, Gaurav Malik, Programme Leader and Senior Lecturer in Computer Science at the University of East London said, “The number of sensors on your phone should not concern you, but the number of apps using that sensor data should”.

At each and every step, you are being tracked. This is not coming out of the blue, its been here for a long time. But, a lot of users are unaware of it.

Activity Recognition, discussed on Reddit, is an android permission that lets the developers know what you are doing at any instance. Google says that the Activity Recognition API is built over the sensors. With so many sensors being constantly used, a lot of heterogeneous data is passed. So, the Activity recognition API periodically reads the information from the sensors and processes it with the help of machine learning, so every time it gets better in the accuracy.

Should you worry about sensor exploitation?

With the help of Activity Recognition, the developers can know even the minute details, whether you are standing or sitting, or using more than one application at a time. They keep track of your whereabouts and searches.

When you start running, your phone automatically starts counting your footsteps or the distance. This might sound smart but when you think of it and wonder how it is doing all this, it makes you feel dumb. Just think of it in this way, you are having your meal in a restaurant and you are alone. So, you just look around or go through the magazine or maybe chat on the phone. But then, you come across a guy at a distant table constantly gazing at the tiny details of you and noting them down, like whenever you flip the page of the magazine or take a bite of the meal, even your eye moments. Creepy, right?

You must have noticed while downloading an application, it asks for permissions. A lot of the permissions are buried in the categories and it is harder to recognize what are the actual permissions you are giving the apps. So you have to take the longer route.

While most of the apps do use sensor data responsibly, a large number of apps are misusing sensor data to deliver targeted advertisements and selling data to 3rd party companies for cash.

The real problem arises when you install an app which is not listed on Playstore or Appstore. An attacker may disguise a malicious app into a genuine-looking app which further tricks user by hiding permissions request screen while installing it on the target smartphone.

Further, this malicious app can access the sensor data without explicit permissions, thereby giving your physical details like geolocation or even a live video or audio of your surroundings to the attacker.

If you are really concerned about sensor data and want to know which applications use it, you have to manually check it for individual apps and toggle them on or off. To do that, go to Settings, Apps, tapping the app you want to check the permissions of, hit the menu button and tap on All permissions. iOS users, Open the Settings app and scroll down to the list of apps at the very bottom. After the hard work, you will at least be assured that you have peace of mind.

Ashwin S

A cybersecurity enthusiast at heart with a passion for all things tech. Yet his creativity extends beyond the world of cybersecurity. With an innate love for design, he's always on the lookout for unique design concepts.