An Insight into Android Side-Channel Attacks

Leakage of sensitive information is still considered one of the potential security threats to mobile operating systems including Android. The Android OS contains some security weaknesses which make it vulnerable to various attacks. One of these design weakness is the side-channel including memory and network-data usage. By monitoring such channels, Android application (app in short) with no permissions (zero-permission) may obtain some private information that is stored on user's mobile devices such as user's identity, login info, and the geo-location. In this study, we review side-channel attacks as well as runtime information attacks. Moreover, we survey the discovered side-channels of information leaks on Android. To the best of our knowledge, this is the first study that covers both the Android side-channels and runtime information attacks used to leak information.