Why and How to Perform Fraud Experiments
IEEE Security and Privacy
All your contacts are belong to us: automated identity theft attacks on social networks
Proceedings of the 18th international conference on World wide web
Abusing social networks for automated user profiling
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Indirect content privacy surveys: measuring privacy without asking about it
Proceedings of the Seventh Symposium on Usable Privacy and Security
MockDroid: trading privacy for application functionality on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Hi-index | 0.00 |
Due to the cost-efficient communicating manner and attractive user experience, messenger applications have dominated every smartphone in recent years. Nowadays, Address Book Matching, a new feature that helps people keep in touch with real world contacts, has been loaded in many popular messenger applications, which unfortunately as well brings severe privacy issues to users. In this paper, we propose a novel method to abuse such feature to automatically collect user profiles. This method can be applied to any application equipped with Address Book Matching independent of mobile platforms. We also build a prototype on Android to verify the effectiveness of our method. Moreover, we integrate profiles gathered from different messenger applications and provide insights by performing a consistency and authenticity analysis on user profile fields. As our experiments show, the abuse of Address Book Matching can cause severe user privacy leakage. Finally, we provide some countermeasures for developers to avoid this issue when designing messenger applications.