The flexibility of Android is mainly based on the cross application (app for short) access mechanism. Aside from providing convenience for both app developers and users, such a mechanism also brings the data in external storage which originally regarded harmless into serious privacy breaches. In this paper, we studied various popular apps and developed three different attacks leveraging the public information freely available to zero-permission apps. The first attack can smuggle out the sensitive data which reveals the victim's profile information directly, such as real name, phone number, email address, social networking accounts, etc. With the help of image comparing techniques and current social networking services, we can find out the owners of the phone numbers acquired from a victim's WhatsApp with a high probability. Moreover, the location of the victim is also not spared in the disaster. Comparing to the previous location inferring attacks, our approach is more general since the victim's identity is also acquired by our attack. These three attacks reveal the privacy risks of external storage are much more serious than people previously thought and need to be addressed urgently. In fact, all these threats are caused by the file system used by external storage which calls into question the reasonability of the assumptions on the cross app access mechanism. To the end, we propose a preliminary mitigation approach to achieve a delicate balance between utility and privacy of the data stored in external storage.
more here......................http://arxiv.org/pdf/1407.5410v1.pdf
more here......................http://arxiv.org/pdf/1407.5410v1.pdf