Gaming the Gamer: Adversarial Fingerprinting of Gaming Apps using Smartphone Accelerometers

A wide range of mobile applications continuously access motion and orientation sensor data to learn patterns for their operations. This unfeterred access to rich streams of data from multiple sensors raises the question of whether sensitive personal information might be inferred by these sensor-oriented applications. In this paper, we demonstrate a previously unexplored privacy threat that could be posed by a rogue background mobile app accessing sensor data on a smartphone. The core driving mechanism behind the attack is that the unique GUI components of different apps cause unique sensor data patterns during routine usage of the apps. This in turn makes it possible to fingerprint a specific app and identify it based on its associated sensor signature. Using the most popular mobile gaming apps as a case study, we show the attack to attain up to 75% in one attempt and about 93% in the three attempts. The paper further questions the idea of apps having access to motion and orientation sensor data without asking for permission from the end-users.