Analyzing Privacy Implications of Data Collection in Android Automotive OS
September 1, 2024 • 5 min • 932 words
Information
Authors
Bulut Gozubuyuk, Brian Tang, Kang G. Shin, Mert D. Pesé
Conference
Under submission at PETS. Title changed for anonymity
Blog
Intro
Modern vehicles have become sophisticated computation and sensor systems, as evidenced by advanced driver assistance systems (ADAS), in-car infotainment, and autonomous driving capabilities. They collect and process vast amounts of data through various embedded subsystems. One significant player in this landscape is Android Automotive OS (AAOS), which has been integrated into over 100M vehicles and has become a dominant force in the in-vehicle infotainment (IVI) market. With this extensive data collection, privacy concerns have become increasingly crucial. The volume of data gathered by these systems raises questions about how this information is stored, used, and protected, making privacy a critical issue for manufacturers and consumers. However, very little work has been done on vehicle data privacy. This paper focuses on the privacy implications of AAOS, examining the exact nature and scope of data collection and the corresponding privacy policies from the original equipment manufacturers (OEMs). We develop a novel automotive privacy analysis tool called PriDrive, which employs three methodological approaches: network traffic inspection and both static and dynamic analyses of Android images using rooted emulators from various OEMs. These methodologies are followed by an assessment of whether the collected data types were properly disclosed in the OEMs’ and third-party apps’ privacy policies, to identify any discrepancies or violations. This allows for a thorough evaluation of OEMs’ adherence to their stated privacy policies. Our evaluation with static and dynamic analyses on three different OEM platforms reveals that some OEMs collect much more data than others. OEM A collects vehicle speed at a sampling rate of roughly 25 Hz. Meanwhile, other properties, such as model info, climate & AC settings, seat data, and others, are collected in a batch 30 seconds into vehicle startup.
In addition, several vehicle property types were collected without disclosure in their respective privacy policies. For example, OEM A’s policies only cover 110 vehicle properties or 13.02% of the properties found in our static analysis. Finally, an analysis of the data usage purposes declared in privacy policies indicates that data is being used for advertising, insurance, financing, and is shared with 3rd parties.
RQ1: From the permissions and vehicle properties referenced in APK source code, what insights can we derive about potentially collected data? It should be noted that the presence of these elements may suggest, but does not confirm, data collection.
RQ2: Through the use of dynamic analysis techniques via Frida, we aim to understand which callback functions to the in-vehicle network are active during the runtime execution of an Android Automotive application, and what indicators can be collected through monitoring. However, the data collected is not exhaustive, and its presence does not necessarily mean that data has been or will be collected or shared.
RQ3: How can we determine whether data is transferred, and what the payload contains, using Man-in-the-Middle (MITM) network analysis? Here we seek clear evidence of data transportation.
RQ4: Can we analyze the data to find patterns and correlate data properties found in the static and dynamic analyses with those disclosed in privacy policies? By processing the privacy policies, we can determine data usage purposes for specific data types.
Design Overview
We propose PriDrive, a web application that begins by setting up an emulator and preparing it for the subsequent analyses. The system is designed to conduct static, dynamic and network analyses. Data gathered from these processes is used for a privacy policy and permissions evaluation. The final output is a comprehensive report that identifies discrepancies between the privacy policies and the potential privacy/permissions breaches detected in the system, which may arise from the network, static, or dynamic analysis findings.
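The static-analysis and policy-reconciliation steps (RQ1 and RQ4) can be illustrated with the integer property identifiers that decompiled APK code references. The following is an added example, not code from the paper or from PriDrive; it decodes an `android.car.VehiclePropertyIds` integer into its group, area and value-type bit fields, and reconciles a constructed set of observed identifiers against the set a privacy policy discloses. The observed and disclosed sets, the vendor-defined identifier, and the small name table are all assumptions constructed for the example.

```python
# Added example (not the paper's or PriDrive's code). Bit layout follows the
# Car API's VehiclePropertyIds: bits 28-31 group, 24-27 area type,
# 16-23 value type, 0-15 unique id.
GROUPS = {0x10000000: "SYSTEM", 0x20000000: "VENDOR"}
AREAS = {0x01000000: "GLOBAL", 0x03000000: "WINDOW", 0x04000000: "MIRROR",
         0x05000000: "SEAT", 0x06000000: "DOOR", 0x07000000: "WHEEL"}
TYPES = {0x00100000: "STRING", 0x00200000: "BOOLEAN", 0x00400000: "INT32",
         0x00410000: "INT32_VEC", 0x00500000: "INT64", 0x00510000: "INT64_VEC",
         0x00600000: "FLOAT", 0x00610000: "FLOAT_VEC", 0x00700000: "BYTES",
         0x00E00000: "MIXED"}

# Names for the system properties used below (PERF_VEHICLE_SPEED is the
# decimal 291504647 seen in decompiled code).
KNOWN = {0x11600207: "PERF_VEHICLE_SPEED", 0x11200402: "PARKING_BRAKE_ON",
         0x15400500: "HVAC_FAN_SPEED", 0x17600309: "TIRE_PRESSURE",
         0x11100101: "INFO_MAKE", 0x11400103: "INFO_MODEL_YEAR"}

def decode(prop_id):
    """Split a property id into (group, area, value type, unique id)."""
    return (GROUPS.get(prop_id & 0xF0000000, "UNKNOWN"),
            AREAS.get(prop_id & 0x0F000000, "UNKNOWN"),
            TYPES.get(prop_id & 0x00FF0000, "UNKNOWN"),
            prop_id & 0xFFFF)

def describe(prop_id):
    """Human-readable label; unnamed ids are labelled by group and unique id."""
    group, area, vtype, uid = decode(prop_id)
    name = KNOWN.get(prop_id, "%s_0x%04X" % (group, uid))
    return f"{name} [{group}/{area}/{vtype}]"

def reconcile(observed, disclosed):
    """Return (disclosed ids seen, undisclosed ids, coverage percent) for ids
    found by static/dynamic analysis versus ids a policy names."""
    seen = set(observed)
    covered = sorted(seen & set(disclosed))
    missing = sorted(seen - set(disclosed))
    pct = round(100.0 * len(covered) / len(seen), 2) if seen else 0.0
    return covered, missing, pct

# Constructed sample: ids recovered from an APK, including one vendor-defined
# id (0x21400A01: VENDOR group, GLOBAL area, INT32), against a policy that
# only names make, model year and speed.
OBSERVED = [0x11600207, 0x11200402, 0x15400500, 0x17600309,
            0x11100101, 0x11400103, 0x21400A01]
DISCLOSED = {0x11100101, 0x11400103, 0x11600207}

if __name__ == "__main__":
    covered, missing, pct = reconcile(OBSERVED, DISCLOSED)
    print(f"policy covers {pct}% of observed properties")
    for p in missing:
        print("undisclosed:", describe(p))
```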
Discussion
According to our collected traces, OEM A takes a comprehensive approach to vehicle monitoring through the data collected by its Android Automotive system. This covers multiple elements of vehicle functionality and driver engagement, such as:
- Information about the vehicle make, model and model year is collected in the Google Maps application. These properties could be aggregated to easily identify the exact vehicle.
- OEM A monitors their vehicles in real-time, based on the data from their AAOS, especially the vehicle speed, which is captured approximately 20 times per second. The speed property could be used to infer other data, such as stops, turns, driving habits, or risky driving behaviors.
- The status of the parking brake and various HVAC (Heating, Ventilation, and Air Conditioning) settings, including maximum AC, fan direction, fan speed, and seat temperature, all comfort attributes, are monitored.
- Data on turn signal state, tire pressure, and even the state of fog lights are recorded. This highlights OEM A’s concentration on detailed driving dynamics and vehicle status.
- The system also captures more specialized data, such as the headlight and hazard light states, seat adjustments, and the status of electric vehicle (EV) charge ports.
- Vehicle state information is collected regularly upon startup via a batched data dump.
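The rate and batching findings above (speed sampled many times per second; a batched state dump at startup) come from timing the property-change callbacks observed at runtime. The following is an added example, not code from the paper or from PriDrive: it parses a constructed trace in the shape a Frida hook on `CarPropertyEventCallback.onChangeEvent` might log, estimates a per-property sampling rate, and flags windows in which many distinct properties fire together. The log line format, the batch window and threshold, and the trace contents are assumptions constructed for the example.

```python
# Added example (not the paper's or PriDrive's code). Log format assumed:
#   "<seconds> onChangeEvent prop=<hex id> value=<v>"
import re
from collections import defaultdict

LINE = re.compile(r"^(?P<t>\d+\.\d+)\s+onChangeEvent\s+prop=(?P<p>0x[0-9A-Fa-f]+)")

def parse(trace):
    """Return sorted (timestamp, property id) pairs; unrelated lines are skipped."""
    events = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((float(m.group("t")), int(m.group("p"), 16)))
    return sorted(events)

def rates_hz(events):
    """Events per second per property, over the span from its first to last event."""
    times = defaultdict(list)
    for t, p in events:
        times[p].append(t)
    out = {}
    for p, ts in times.items():
        span = ts[-1] - ts[0]
        out[p] = round((len(ts) - 1) / span, 1) if len(ts) > 1 and span > 0 else 0.0
    return out

def find_batches(events, window=0.5, min_props=4):
    """Start times of windows in which at least min_props distinct properties fire."""
    batches, i = [], 0
    while i < len(events):
        t0 = events[i][0]
        props = {p for t, p in events[i:] if t - t0 <= window}
        if len(props) >= min_props:
            batches.append(t0)
            while i < len(events) and events[i][0] - t0 <= window:
                i += 1
        else:
            i += 1
    return batches

def constructed_trace():
    """Constructed input: speed every 40 ms for one second, then six
    properties (make, model, model year, max AC, fan direction, fan speed)
    dumped within 100 ms at t=30 s, plus one unrelated log line."""
    lines = [f"{1.0 + 0.04 * i:.3f} onChangeEvent prop=0x11600207 value=13.9"
             for i in range(26)]
    batch = ["0x11100101", "0x11100102", "0x11400103",
             "0x15200513", "0x15400501", "0x15400500"]
    lines += [f"{30.0 + 0.02 * k:.3f} onChangeEvent prop={p} value=0"
              for k, p in enumerate(batch)]
    lines.append("30.150 service bound: com.example.oemanalytics")
    return "\n".join(lines)

if __name__ == "__main__":
    ev = parse(constructed_trace())
    print("speed rate (Hz):", rates_hz(ev)[0x11600207])
    print("batched dumps at (s):", find_batches(ev))
```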
The apps that send the most data over HTTPS in each OEM include analytics and services apps. These apps use significantly more network traffic compared to prebuilt Android apps. OEM A’s V2XService, RadioTuner, and OEMAnalytics apps all send tens to hundreds of MB of data to servers. Upon conducting reverse IP lookups, a majority of IPs are Google datacenters in California, Ireland, Singapore, and other locations.
Citation
@inproceedings{gozubuyuk2025aaosprivacy,
author={Gozubuyuk, Bulut and Tang, Brian and Pesé, Mert D. and Shin, Kang G.},
title={Analyzing Privacy Implications of Data Collection in Android Automotive OS},
booktitle={25th Privacy Enhancing Technologies Symposium},
year={2025},
}