AndroTIME - Identifying Timing Side Channels in the Android API.

The permission system of Android has continuously evolved to better guard the privacy of users. New permissions have been introduced and existing methods which were abused now require a permission or have been entirely removed. Retrieving private data about users without their consent is thus getting continuously harder for applications. In this paper, we systematically analyse how timing-based side channels in the Android API can be used to circumvent this tight permission system. We introduce AndroTIME, a framework to automatically detect such side channels in the Android API. Using this automated approach, we were able to identify several new timing-based side-channel leaks in Android 10 and Android 11. The detected side channels enable querying for installed applications, active accounts, files, and browser logins. The leaked information could be used to fingerprint users, detect secret user habits, or even infer a concrete user identity.