Construction and Mitigation of User-Behavior-Based Covert Channels on Smartphones

Research output: Journal Publications and Reviews (RGC: 21, 22, 62) › 21_Publication in refereed journal › peer-review

Author(s)

  • Wen Qi
  • Wanfu Ding
  • Yichen Xu
  • Kejie Lu

Detail(s)

Original language: English
Pages (from-to): 44-57
Journal / Publication: IEEE Transactions on Mobile Computing
Volume: 17
Issue number: 1
Online published: 24 Apr 2017
Publication status: Published - Jan 2018

Abstract

To protect user privacy, many smartphone systems adopt the permission-based mechanism in which a user can evaluate the risk of requests for private information from a mobile app before installing it. However, recent studies show that the permission-based mechanism is vulnerable to application collusion attacks because two apps, which appear to be harmless individually, can establish a covert channel and use it to leak confidential information. Consequently, people have designed some covert channel detection schemes that check for abnormal status of the phone. In this paper, we point out that existing covert channel detection schemes may fail to detect a new type of collusion attack referred to as user-behavior-based covert channels. We implement three covert channels on Android smartphones. Our work sets a new alarm for the security issue of using smartphones. We then study the countermeasures to this new type of covert channel. Instead of trying to directly detect the proposed new type of covert channel, we propose two mitigation solutions to reduce the effectiveness of such covert channels. The mitigation solutions are also valid for other existing sensor-based side channels and/or covert channels on the phone.

Research Area(s)

  • Smartphone security, covert channel, application collusion attack, motion sensor, mitigation