Malicious Apps May Exploit Smartphone's Vulnerabilities to Detect User Activities

In order to make apps functional, mobile operating systems, such as Android, allow applications to access some system data without asking for user permission. We demonstrate that by analyzing these system data and some side channel information, it is possible to gain insight into a smartphone user’s behavior, thus putting their privacy at risk. With these real-time privacy information collected, a malicious attacker may launch spear phishing attacks with much higher yield rates. In this thesis, we study a combination of power consumption, network traffic, and memory usage of several commonly used activities, and demonstrated that it is possible to classify a user’s smartphone activities into one of six categories, which are Video, Game, Internet, Music, Idle, and Phone Call. We designed several experiments to test the classification which resulted in high success rates. We also present the possibility of detecting transitions of smartphone activities.