Aug 24

Disabling Wi-Fi is not always enough to avoid tracking

[EN:]

Users carrying a mobile device with their Wi-Fi enabled are exposed to unsollicited Wi-Fi tracking in the physical world. Disabling Wi-Fi on one’s phone seems to be a solution to escape such tracking. Some Wi-Fi trackers even suggest users who don’t want to be track to turn off Wi-Fi.

In fact, disabling Wi-Fi on Android is not necessarily enough to avoid tracking. Indeed, devices may still perform Wi-Fi scans even if the Wi-Fi has been disabled. Our study confirms that other settings need to be configured in order to totally mute the Wi-Fi interface. In particular, a parameter called “Always allow scanning”, which can’t be turned-off on some devices, needs to be deactivated to prevent this behavior.

[FR:]

Les utilisateurs d’un appareil équipé du Wi-Fi sont potentiellement exposés au traçage Wi-Fi dans le monde physique. La désactivation du Wi-Fi semble être une solution pour échapper à ce traçage. Certains traceurs Wi-Fi suggèrent même de d’éteindre le Wi-Fi si l’on ne souhaite pas être géolocalisé.

En fait, la désactivation du Wi-Fi sous Android n’est pas nécessairement suffisante pour empêcher le traçage. En effet, l’appareil peut effectuer des scans Wi-Fi même si le Wi-Fi a été désactivé. Notre étude confirme que d’autres paramètres doivent être configurés afin de bloquer totalement l’émission de signaux Wi-Fi. En particulier, l’option “recherche toujours disponible”, qui n’est pas accessible sur certains appareils, doit être désactivée pour empêcher ce comportement.

 

Célestin Matte, Mathieu Cunche, Vincent Toubiana. Does disabling Wi-Fi prevent my Android phone from sending Wi-Fi frames?. [Research Report] RR-9089, Inria – Research Centre Grenoble – Rhône-Alpes; INSA Lyon. 2017 <hal-01575519>

 

 

 

Sep 14

Track’RUs

Stop tracking our kids!

Mattel et Hasbro sont épinglés aux Etats-Unis après le pistage d’enfants en ligne….car il est interdit de “tracker” et “profiler” les enfants aux Etats-Unis… ainsi qu’en Europe et en France (sans le consentement des parents) (…

J’ai fait donc fait un test rapide sur certains des 10 sites pour enfants recommandés par le site “memoclic.com” et les résultats sont édifiants!

  • Dessins, coloriages, bricolages, jeux sur jedessine.com. “Voilà une référence en matière d’activités et de jeux en ligne pour enfants. Malgré les campagnes de publicité un peu envahissantes (il faut bien vivre en même temps), vous trouverez assez vite votre chemin jusqu’au dessins en linge, coloriages (en ligne ou à imprimer), des activités de bricolage, des jeux, des lectures ou des bonus multimédias… bref, un véritable portail ludo-éducatif qui s’adressent aussi bien aux tout petits qu’aux un peu plus grands. “…  ce site contient au moins 5 trackers.
  • screen-shot-2016-09-14-at-9-43-25-pm
  • Un journal d’actualités pour votre enfant.”De votre côté, vous avez LeMonde, Libe, LeFigaro, 20minutes… et bien d’autres journaux encore. Mais existe t-il un journal d’actualités vraiment adapté à vos chères têtes blondes ? L’actualité expliquée aux enfants est donc disponible sur certains sites comme LesClesJunior ou le Journal des enfants. Vous serez sûr(e) que votre enfant ne tombera pas sur des images et des informations choquantes.”… votre enfant ne tombera pas sur des images et des informations choquantes, mais sur au moins 5 trackers!
  • screen-shot-2016-09-14-at-9-50-31-pm
    C’est pas sorcier est sur le Web. “Quel est l’enfant qui ne connaît pas encore l’émission très bien faite C’est pas sorcier diffusée sur France 3 ? Au cas où ce programme ne vous dise rien, rendez-vous sur ce site web qui recense quelques vidéos intéressantes (pas toutes malheureusement) et qui expliquent fort bien les choses. Les sujets peuvent être très différents mais vous intéresseront sans aucun doute.”…de mieux en mieux: 25 trackers !!!!
  • screen-shot-2016-09-14-at-9-55-16-pm

Est-ce vraiment nécessaire de continuer ou j’appelle la CNIL?????

 

Jun 23

FTC InMobi settlement: Inria-Eurecom research work reported the abuse in 2014

Back in 2014, in our ACM WiSec paper, entitled WifiLeaks: Underestimated Privacy Implications of the

ACCESS_WIFI_STATE Android Permission, we reported that some mobile applications were abusing the ACCESS_WIFI_STATE permission of Android to collect private information on users, including their location.

More particularly, we found that 41% apps (out of a total of 2700 most popular apps tested) were accessing ACCESS_WIFI_STATE permission. It was very a surprising result because this permission gives access to Wi-Fi related information (MAC address, BSSID of connected access point, Wi-Fi scan info, etc.) and we could not imagine why so many apps would require to access this information. The only apps we could imagine requiring access to such information were Wi-Fi configuration apps or local area network based game apps for example.

By looking more closely at these Wi-Fi related information, we found that it may reveal a lot of personally identifiable information like a device unique identifier (MAC address), Wi-Fi scan info (to derive approximate geographic location), etc.

We then looked further into the apps and statically analysed all those apps that required ACCESS_WIFI_STATE permission. To our surprise, we found that apps in almost all the categories (even apps in wallpapers and comics category) are calling Java methods (that are protected by this permission) to access aforementioned Wi-Fi related information. Below is the figure from our paper which depicts the categories of apps requesting this information.

Category wise distribution of apps accessing ACCESS_WIFI_STATE Android permission

Category wise distribution of apps accessing ACCESS_WIFI_STATE Android permission

We dynamically analysed 88 apps (those apps which looked interesting to us based on the results from static analysis) to check if these apps really access and send this information over the Internet. We found that is was the case for the third party library of InMobi that was accessing Wi-Fi related data and sending it back to their servers (See figure below).

Servers where Wi-Fi related info is sent by 88 apps that were dynamically analyzed

Servers where Wi-Fi related info is sent by 88 apps that were dynamically analyzed

The result of the Wi-Fi Scan Info collected by InMobi can be used to derive the location of the device. Indeed, this information is the list of nearby Wi-Fi access points (identified by their BSSID) which can be used to obtain the geolocation of the device using trilateration techniques. This method is actually used by most mobile Operating System to obtain a geolocation without relying on the GPS, but the resulting geolocation information is always protected by the geolocation permission. However, we found that many of those apps who use InMobi are in fact not requesting the geolocation permission but surreptitiously computing it by abusing ACCESS_WIFI_STATE permission on Android.

Geolocation based on nearby Wi-Fi Access Points.

Geolocation based on nearby Wi-Fi Access Points.

Two years after our research was published, the Federal Trade Commission (FTC)  reached a $950,000 settlement with InMobi for tracking millions of consumers’ locations, including children, without their knowledge. The FTC allege that InMobi abused the WiFi State information on the Android system to track the location of people without their consent, which is exactly what we showed in our research.  Its policy prevents the FTC of releasing the sources of its investigations, therefore there is no way to affirm that our research triggered this investigation or was used during this investigation. We can only be sure that we identified a privacy issue that was serious enough to justify an investigation of the FTC and a penalty of $950,000. In fact, the penalty is actually 4M$ but the FTC is only asking 950K$ because the company would be bankrupt otherwise. In addition to this, the company is under surveillance for their privacy behaviour for the next 20 years.

 

Back in 2014, we also conducted a survey and found that users do not really understand the privacy implications of this ACCESS_WIFI_STATE permission. The permission looks innocuous but it is really not.
This is because a variety of private information could be derived using the data accessible from this permission (again, check our ACM WiSec paper). Android OS marks its protection level as ‘normal’ (even though location could be derived from the information accessible through this permission) whereas location permissions are marked as ‘dangerous’. As the permission description does not explicitly describe all the possible privacy implications and users do not really understand these privacy implications, we contacted Android security team to report our findings in 2014. They acknowledged reception of our mail and told us that our mail is forwarded to the Internal team. However, the permission is still marked as ‘normal’ and its description is not yet changed.

Update: Although the permission description has not been modified, the Android system has been modified to reduce the privacy issues. More specifically, the getScanResults method, which give access to the list of nearby Wi-Fi access points and thus the location, is now protected by location permissions. However the getConnectionInfo method, which exposes the device’s location through the identifiers of the currently connected network, is still only protected by Wi-Fi permissions and not by location permissions.

The getScanResults of Android's WiFiManager method now requires location permission.

The getScanResults of Android’s WiFiManager method now requires location permission.

We hope this ruling will lead advertisement and analytics companies to think twice before abusively collecting sensitive information without being clear about the data collection.

This research is a joint work between Inria Privatics team and Eurecom. It has been partially supported by the Inria CAPPRIS initiative.

Jun 23

MyTrackingChoices is awarded the ‘Data Protection by Design’ award by Catalan Data Protection Authority

MyTrackingChoices is awarded the ‘Data Protection by Design’ award by Catalan Data Protection Authority.
Congrats to the team.
Please click here to see the announcement at the Catalan Data Protection web page.
This has drawn attention of some Spanish and catalan media agencies:
Lavanguardia
Informativojuridico
Agencia.abc.es
Confilegal
Reusdigital
tarragonaradio

Jan 18

MyRealOnlineChoices project

New project called “MyRealOnlineChoices” from Privatics team tries to give back fine-grained control to users over widespread tracking taking place today on the Web.
By doing this and bringing more transparency in the ad-delivery process on the Web, we come up with a solution that may help sustain ad-based economy of the Web.
You can find out more information about the project here: https://myrealonlinechoices.inrialpes.fr/

Oct 08

Vincent Roca talking about Geolocation Data [Radio] [French]

Vincent Roca talking about geolocation data on France Culture Radio:
“Géolocalisation, combien se vendent nos trajets ?”

Listen here.

roca20151007_170309France_Culture_logo_2005.svg

Sep 29

Vincent Roca talking about smartphone and privacy [Podcast] [French]

Vincent Roca talking about smartphone and privacy in an Interstices Podcast.

Listen here:

smartphone-doigt

Sep 16

Best paper award at Information Security Conference (ISC 2015)

A research paper co-authored by Daniel Le Métayer (Privatics) has received the Best Paper Award at the Information Security Conference (ISC 2015).

Reasoning about privacy properties of biometric system architectures in the presence of information leakage
Julien Bringer, Hervé Chabanne, Danie Le Métayer and Roch Lescuyer

http://isc2015.item.ntnu.no/program.php

Jun 11

Oui, la loi sur le renseignement prépare bien une surveillance de masse, tribune de C. Castelluccia et D. Le Métayer dans “Le Monde”, 09.06.2015

Oui, la loi sur le renseignement prépare bien une surveillance de masse

Le Monde.fr |   • Mis à jour le  | Par  Daniel Le Métayer (Directeur de Recherche à l’Institut national de recherche en informatique et en automatique (Inria)) et Claude Castelluccia (Directeur de Recherche à l’Institut national de recherche en informatique et en automatique (Inria))

En savoir plus sur http://www.lemonde.fr/idees/article/2015/06/09/oui-la-loi-sur-le-renseignement-prepare-bien-une-surveillance-de-masse_4650358_3232.html

Jun 11

Renseignement : le traitement massif de données est aussi dangereux qu’inefficace. Article de C.Castelluccia et D.Le Métayer dans “Pour La Science”, Juillet 2015.

Renseignement : le traitement massif de données est aussi dangereux qu’inefficace

Au nom de la lutte contre le terrorisme, la France a adopté un dispositif de détection de profils de comportements suspects inopérant, coûteux et menaçant pour la vie privée.

Claude Castelluccia et Daniel Le Métayer

http://www.pourlascience.fr/ewb_pages/a/article-renseignement-le-traitement-massif-de-donnees-est-aussi-dangereux-qu-apos-inefficace-35406.php

Older posts «