{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:32:17Z","timestamp":1760239937062,"version":"build-2065373602"},"reference-count":31,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2019,1,24]],"date-time":"2019-01-24T00:00:00Z","timestamp":1548288000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Informatics"],"abstract":"<jats:p>Mobile sensors have already proven to be helpful in different aspects of people\u2019s everyday lives such as fitness, gaming, navigation, etc. However, illegitimate access to these sensors results in a malicious program running with an exploit path. While the users are benefiting from richer and more personalized apps, the growing number of sensors introduces new security and privacy risks to end users and makes the task of sensor management more complex. In this paper, first, we discuss the issues around the security and privacy of mobile sensors. We investigate the available sensors on mainstream mobile devices and study the permission policies that Android, iOS and mobile web browsers offer for them. Second, we reflect the results of two workshops that we organized on mobile sensor security. In these workshops, the participants were introduced to mobile sensors by working with sensor-enabled apps. We evaluated the risk levels perceived by the participants for these sensors after they understood the functionalities of these sensors. The results showed that knowing sensors by working with sensor-enabled apps would not immediately improve the users\u2019 security inference of the actual risks of these sensors. However, other factors such as the prior general knowledge about these sensors and their risks had a strong impact on the users\u2019 perception. We also taught the participants about the ways that they could audit their apps and their permissions. Our findings showed that when mobile users were provided with reasonable choices and intuitive teaching, they could easily self-direct themselves to improve their security and privacy. Finally, we provide recommendations for educators, app developers, and mobile users to contribute toward awareness and education on this topic.<\/jats:p>","DOI":"10.3390\/informatics6010007","type":"journal-article","created":{"date-parts":[[2019,1,24]],"date-time":"2019-01-24T11:12:48Z","timestamp":1548328368000},"page":"7","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["What Is This Sensor and Does This App Need Access to It?"],"prefix":"10.3390","volume":"6","author":[{"given":"Maryam","family":"Mehrnezhad","sequence":"first","affiliation":[{"name":"School of Computing, Newcastle University, Newcastle upon Tyne NE4 5TG, UK"}]},{"given":"Ehsan","family":"Toreini","sequence":"additional","affiliation":[{"name":"School of Computing, Newcastle University, Newcastle upon Tyne NE4 5TG, UK"}]}],"member":"1968","published-online":{"date-parts":[[2019,1,24]]},"reference":[{"key":"ref_1","unstructured":"Planet of the Phones (2018, November 30). From the Print Edition by The Economist. Available online: http:\/\/www.economist.com\/news\/leaders\/21645180-smartphone-ubiquitous-addictive-and-transformative-planet-phones."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"De Luca, A., Hang, A., Brudy, F., Lindner, C., and Hussmann, H. (2012, January 5\u201310). Touch Me Once and I Know It\u2019s You!: Implicit Authentication Based on Touch Screen Patterns. Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2012, Austin, TX, USA.","DOI":"10.1145\/2207676.2208544"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Bo, C., Zhang, L., Li, X.Y., Huang, Q., and Wang, Y. (October, January 30). SilentSense: Silent User Identification via Touch and Movement Behavioral Biometrics. Proceedings of the 19th ACM Annual International Conference on Mobile Computing and Networking, MobiCom 2013, Miami, FL, USA.","DOI":"10.1145\/2500423.2504572"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Li, H., Ma, D., Saxena, N., Shrestha, B., and Zhu, Y. (2013, January 13\u201315). Tap-Wave-Rub: Lightweight Malware Prevention for Smartphones Using Intuitive Human Gestures. Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2013, Nanjing, China.","DOI":"10.1145\/2462096.2462101"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Mayrhofer, R., and Gellersen, H. (2007). Shake Well Before Use: Authentication Based on Accelerometer Data. Pervasive Computing, Springer.","DOI":"10.1007\/978-3-540-72037-9_9"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Hao, F., and Shahandashti, S. (2015, January 18\u201322). Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment. Proceedings of the Second International Conference on Research in Security Standardisation, SSR 2015, San Juan, PR, USA.","DOI":"10.1007\/978-3-319-27152-1_2"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Simon, L., and Anderson, R. (2013, January 9\u201314). PIN Skimmer: Inferring PINs Through the Camera and Microphone. Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones Mobile Devices, SPSM 2013, Atlanta, GA, USA.","DOI":"10.1145\/2516760.2516770"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Spreitzer, R. (2014, January 3\u20137). PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices. Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones Mobile Devices, SPSM 2014, Scottsdale, AZ, USA.","DOI":"10.1145\/2666620.2666622"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Xu, Z., Bai, K., and Zhu, S. (2012, January 28\u201330). TapLogger: Inferring User Inputs on Smartphone Touchscreens Using On-board Motion Sensors. Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, Paphos, Cyprus.","DOI":"10.1145\/2185448.2185465"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Ali, M., Hao, F., and van Moorsel, A. (2016, January 16\u201320). NFC Payment Spy: Privacy attacks on contactless payments using NFC-enabled mobile. Proceedings of the Third International Conference on Research in Security Standardisation, SSR 2016, San Diego, CA, USA.","DOI":"10.1007\/978-3-319-49100-4_4"},{"key":"ref_11","first-page":"23","article-title":"TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript","volume":"26","author":"Mehrnezhad","year":"2016","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Toreini, E., Shahandashti, S., and Hao, F. (2015, January 14\u201317). TouchSignatures: Identification of User Touch Actions Based on Mobile Sensors via JavaScript. Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015, Singapore.","DOI":"10.1145\/2714576.2714650"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Toreini, E., Shahandashti, S.F., and Hao, F. (2016, January 18). Stealing PINs via Mobile Sensors: Actual Risk versus User Perception. Proceedings of the 1st European Workshop on Usable Security, EuroUSEC 2016, Darmstadt, Germany.","DOI":"10.14722\/eurousec.2016.23008"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Toreini, E., Shahandashti, S.F., and Hao, F. (2017). Stealing PINs via mobile sensors: Actual risk versus user perception. Int. J. Inf. Secur., 1\u201323.","DOI":"10.14722\/eurousec.2016.23008"},{"key":"ref_15","unstructured":"Hern, A. (2018, November 30). Tilted Device Could Pinpoint PIN Number for Hackers, Study Claims. Available online: http:\/\/www.theguardian.com\/technology\/2017\/apr\/11\/tilted-device-could-pinpoint-pin-number-for-hackers-study-claims."},{"key":"ref_16","unstructured":"Newsbeat, B. (2018, November 30). The Way People Tilt Their Smartphone Can Give Away Passwords and PINs. Available online: http:\/\/www.bbc.co.uk\/newsbeat\/article\/39565372\/the-way-people-tilt-their-smartphone-can-give-away-passwords-and-pins."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Crager, K., Maiti, A., Jadliwala, M., and He, J. (2017, January 29). Information Leakage through Mobile Motion Sensors: User Awareness and Concerns. Proceedings of the EuroUSEC\u201917, Paris, France.","DOI":"10.14722\/eurousec.2017.23013"},{"key":"ref_18","unstructured":"(2018, November 30). Location and Sensors APIs. Available online: developer.android.com\/guide\/topics\/sensors\/index.htmlt."},{"key":"ref_19","unstructured":"(2018, November 30). Core Motion. Available online: developer.apple.com\/documentation\/coremotion."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Jin, X., Hu, X., Ying, K., Du, W., Yin, H., and Nagesh Peri, G. (2014, January 3\u20137). Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation. Proceedings of the 21th ACM Conference on Computer and Communications Security, CCS 2014, Scottsdale, AZ, USA.","DOI":"10.1145\/2660267.2660275"},{"key":"ref_21","unstructured":"Taylor, V.F., and Martinovic, I. (2018, November 30). A Longitudinal Study of App Permission Usage Across the Google Play Store. Available online: http:\/\/arxiv.org\/abs\/1606.01708."},{"key":"ref_22","unstructured":"(2018, November 30). Device and Sensors Working Group. Available online: https:\/\/www.w3.org\/2009\/dap\/."},{"key":"ref_23","unstructured":"(2018, November 30). Android Sensors. Available online: http:\/\/developer.android.com\/guide\/topics\/sensors\/\\sensors_overview.html."},{"key":"ref_24","unstructured":"Wynne, B. (2016). Misunderstood misunderstanding: Social identities and public uptake of science. Public Underst. Sci."},{"key":"ref_25","unstructured":"Sismondo, S. (2010). An Introduction to Science and Technology Studies, Wiley-Blackwell Chichester."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1177\/030631290020003006","article-title":"The dominant view of popularization: Conceptual problems, political uses","volume":"20","author":"Hilgartner","year":"1990","journal-title":"Soc. Stud. Sci."},{"key":"ref_27","unstructured":"Bucchi, M. (2014). Science and the Media: Alternative Routes to Scientific Communications, Routledge."},{"key":"ref_28","first-page":"87","article-title":"Comparison of Values of Pearson\u2019s and Spearman\u2019s Correlation Coefficients","volume":"30","author":"Hauke","year":"2011","journal-title":"Quaest. Geogr."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Abu-Salma, R., Danilova, A., Sasse, M.A., Naiakshina, A., Bonneau, J., and Smith, M. (2017, January 22\u201326). Obstacles to the adoption of secure communication tools. Proceedings of the 38th IEEE Symposium on Security and Privacy, IEEE S&P \u201917, San Jose, CA, USA.","DOI":"10.1109\/SP.2017.65"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2016.111","article-title":"Developers Are Not the Enemy! The Need for Usable Security APIs","volume":"14","author":"Green","year":"2016","journal-title":"IEEE Secur. Priv."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ronen, E., O\u2019Flynn, C., Shamir, A., and Weingarten, A.O. (2018, November 30). IoT Goes Nuclear: Creating a ZigBee Chain Reaction. Available online: http:\/\/eprint.iacr.org\/2016\/1047.","DOI":"10.1109\/SP.2017.14"}],"container-title":["Informatics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2227-9709\/6\/1\/7\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:28:27Z","timestamp":1760185707000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2227-9709\/6\/1\/7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,24]]},"references-count":31,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["informatics6010007"],"URL":"https:\/\/doi.org\/10.3390\/informatics6010007","relation":{},"ISSN":["2227-9709"],"issn-type":[{"type":"electronic","value":"2227-9709"}],"subject":[],"published":{"date-parts":[[2019,1,24]]}}}