Bind your phone number with caution: automated user profiling through address book matching on smartphone

  • Authors:

  • Yao Cheng;Lingyun Ying;Sibei Jiao;Purui Su;Dengguo Feng

  • Affiliations:

  • Institute of Software, Chinese Academy of Sciences, Beijing, China;Institute of Software, Chinese Academy of Sciences, Beijing, China;Institute of Software, Chinese Academy of Sciences, Beijing, China;Institute of Software, Chinese Academy of Sciences, Beijing, China;Institute of Software, Chinese Academy of Sciences, Beijing, China

  • Venue:
  • Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

Due to the cost-efficient communicating manner and attractive user experience, messenger applications have dominated every smartphone in recent years. Nowadays, Address Book Matching, a new feature that helps people keep in touch with real world contacts, has been loaded in many popular messenger applications, which unfortunately as well brings severe privacy issues to users. In this paper, we propose a novel method to abuse such feature to automatically collect user profiles. This method can be applied to any application equipped with Address Book Matching independent of mobile platforms. We also build a prototype on Android to verify the effectiveness of our method. Moreover, we integrate profiles gathered from different messenger applications and provide insights by performing a consistency and authenticity analysis on user profile fields. As our experiments show, the abuse of Address Book Matching can cause severe user privacy leakage. Finally, we provide some countermeasures for developers to avoid this issue when designing messenger applications.