%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2C3E50', 'primaryTextColor': '#fff', 'primaryBorderColor': '#16A085', 'lineColor': '#E67E22', 'secondaryColor': '#16A085', 'tertiaryColor': '#E67E22'}}}%%
flowchart LR
A[Data Collection<br/>and Permissions] --> B[Privacy Leak<br/>Detection]
B --> C[Location<br/>Privacy Leaks]
C --> D[Wi-Fi and<br/>Sensing Privacy]
style A fill:#2C3E50,stroke:#16A085,color:#fff
style B fill:#2C3E50,stroke:#16A085,color:#fff
style C fill:#2C3E50,stroke:#16A085,color:#fff
style D fill:#2C3E50,stroke:#16A085,color:#fff
1464 Mobile Privacy
1464.1 Overview
Mobile devices generate vast amounts of sensitive user data through sensors, location services, Wi-Fi connections, and cellular networks. Understanding how this data is collected, shared, and potentially leaked is crucial for protecting user privacy in IoT ecosystems where mobile phones often serve as gateways.
This topic is covered in four focused chapters:
1464.2 Chapter Guide
1464.2.1 1. Mobile Data Collection and Permissions
Learn what data mobile devices collect and how Android/iOS permission models attempt to control access. Topics include:
- Mobile sensor data types (location, accelerometer, microphone)
- Android permission tiers (normal, dangerous, special)
- Permission risk assessment and combination dangers
- Why permission models fail to protect privacy
1464.2.2 2. Privacy Leak Detection
Discover techniques for detecting unauthorized data exfiltration from mobile apps. Topics include:
- Data Flow Analysis (DFA) from sources to sinks
- Capability leaks through shared User IDs
- TaintDroid dynamic taint tracking
- Static analysis with LeakMiner
- Comparing static vs dynamic analysis trade-offs
1464.2.3 3. Location Privacy Leaks
Understand why location data is especially dangerous and how de-anonymization attacks work. Topics include:
- What location traces reveal about individuals
- De-anonymization using home and work inference
- K-anonymity requirements (K >= 5,000 for mobility)
- Why differential privacy fails for trajectories
- Location privacy defenses
1464.2.4 4. Wi-Fi and Sensing Privacy
Learn how Wi-Fi and motion sensors create additional tracking vectors. Topics include:
- Wi-Fi probe request privacy leaks
- MAC address randomization limitations
- Mobile sensing de-anonymization
- Zero-permission motion sensor attacks
- Comprehensive protection frameworks
1464.3 Key Takeaways
- 4 spatiotemporal points uniquely identify 95% of individuals
- Mobile sensing requires K >= 5,000 for anonymity (1,000x more than movie ratings)
- 73% of apps send data to third-party tracking companies
- Motion sensors require zero permissions but enable 70-80% keystroke inference
- MAC randomization fails due to timing patterns and SSID leakage
1464.4 Learning Path
1464.5 Prerequisites
Before starting this series, you should be familiar with:
- Introduction to Privacy: Fundamental privacy concepts and regulations
- Security and Privacy Overview: Security threats and privacy risks
- Networking Basics: Wi-Fi, cellular, and Bluetooth protocols
1464.6 Whatβs Next
After completing the Mobile Privacy series, continue to Secure Data and Software to learn how to prevent web application vulnerabilities, implement secure coding practices, and protect IoT protocols.
Start with Mobile Data Collection and Permissions β