Privacy Leakage Analysis for Colluding Smart Apps

The rapid proliferation of Internet-of-Things (IoT) has advanced the development of smart environments. By installing smart apps on IoT platforms, users can integrate IoT devices for convenient automation. As smart apps are exposed to a myriad of sensitive data from devices, one severe concern is about the privacy of these digitally augmented spaces. The recent work SAINT [1] has been proposed to detect sensitive data flows in individual smart apps using taint analysis. But it has high false positives and false negatives due to inappropriate consideration of taint seeds and taint sinks.One important security issue ignored by existing work is that the IoT platform supports parent-child smart apps. Their ability to communicate, however, has a negative effect on security. We call the parent-child smart apps colluding smart apps. Unfortunately, no tool exists to detect smart app collusion. We propose PDColA, which addresses the limitations of SAINT, and more importantly, can detect privacy leakages by colluding smart apps. The evaluation results show that PDColA achieves higher accuracies than SAINT in detecting privacy leakages by individual smart apps, and is effective to detect privacy leakages by colluding smart apps.