bind your phone number with caution: automated user profiling through address book matching on smartphone

ISCAS OpenIR

	bind your phone number with caution: automated user profiling through address book matching on smartphone
	Cheng Yao; Ying Lingyun; Jiao Sibei; Su Purui; Feng Dengguo
	2013
会议名称	8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013
会议录名称	ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security
页码	335-340
会议日期	May 8, 2013 - May 10, 2013
会议地点	Hangzhou, China
收录类别	EI
ISBN	9781450317672
部门归属	(1) Institute of Software Chinese Academy of Sciences Beijing 100190 China
摘要	Due to the cost-efficient communicating manner and attractive user experience, messenger applications have dominated every smartphone in recent years. Nowadays, Address Book Matching, a new feature that helps people keep in touch with real world contacts, has been loaded in many popular messenger applications, which unfortunately as well brings severe privacy issues to users. In this paper, we propose a novel method to abuse such feature to automatically collect user profiles. This method can be applied to any application equipped with Address Book Matching independent of mobile platforms. We also build a prototype on Android to verify the effectiveness of our method. Moreover, we integrate profiles gathered from different messenger applications and provide insights by performing a consistency and authenticity analysis on user profile fields. As our experiments show, the abuse of Address Book Matching can cause severe user privacy leakage. Finally, we provide some countermeasures for developers to avoid this issue when designing messenger applications. © 2013 ACM.; Due to the cost-efficient communicating manner and attractive user experience, messenger applications have dominated every smartphone in recent years. Nowadays, Address Book Matching, a new feature that helps people keep in touch with real world contacts, has been loaded in many popular messenger applications, which unfortunately as well brings severe privacy issues to users. In this paper, we propose a novel method to abuse such feature to automatically collect user profiles. This method can be applied to any application equipped with Address Book Matching independent of mobile platforms. We also build a prototype on Android to verify the effectiveness of our method. Moreover, we integrate profiles gathered from different messenger applications and provide insights by performing a consistency and authenticity analysis on user profile fields. As our experiments show, the abuse of Address Book Matching can cause severe user privacy leakage. Finally, we provide some countermeasures for developers to avoid this issue when designing messenger applications. © 2013 ACM.
关键词	Data Privacy Signal Encoding Smartphones
主办者	ACM SIGSAC; Hangzhou Normal University; Shanghai Jiaotong University
语种	英语
内容类型	会议论文
URI标识	http://ir.iscas.ac.cn/handle/311060/15978
专题	中国科学院软件研究所
推荐引用方式 GB/T 7714	Cheng Yao,Ying Lingyun,Jiao Sibei,et al. bind your phone number with caution: automated user profiling through address book matching on smartphone[C],2013:335-340.