Analyzing Defense Strategies Against Mobile Information Leakages: A Game-Theoretic Approach

Abuse of zero-permission sensors on-board mobile and wearable devices to infer users' personal context and information is a well-known privacy threat that has received significant attention. Efforts towards protection mechanisms that prevent or limit the success of such threats, however, have been ad-hoc so far and have primarily focused on designing threat-specific customized defense mechanisms. Such approaches are not very practical, as evident from their limited adoption within major mobile/wearable operating systems. In the end, it is clear that all privacy threats that take advantage of unrestricted access to zero-permission sensors can be prevented if access to these sensors is regulated. However, due to the dynamic nature of sensor usage and requirements of different mobile applications, design of such access control mechanisms is not trivial. To effectively design an automated mobile defense mechanism that can dynamically measure the threat level of different sensor access requests from different applications and appropriately block suspicious requests, the problem of zero-permission sensor access needs to be first formally defined and analyzed. This paper accomplishes the above objective by employing game theory, specifically, signaling games, to analytically model the sensor access scenario for mobile applications, including, formalizing sensor access strategies of mobile applications and defense strategies of the on-board defense mechanism and the associated costs and benefits. Within the confines of a formal and practical game model, the paper then outlines conditions under which equilibria can be achieved between entities (applications and defense mechanism) with conflicting goals. The game model is further analyzed using numerical simulations, and also extended in the form of a repeated signaling game.