AndroTIME: Identifying Timing Side Channels in the Android API

Gerald Palfinger*, Bernd Prünster, Dominik Ziegler

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


The permission system of Android has continuously evolved to better guard the privacy of users. New permissions have been introduced and existing methods which were abused now require a permission or have been entirely removed. Retrieving private data about users without their consent is thus getting continuously harder for applications.
In this paper, we systematically analyse how timing-based side channels in the Android API can be used to circumvent this tight permission system. We introduce AndroTIME, a framework to automatically detect such side channels in the Android API. Using this automated approach, we were able to identify several new timing-based side-channel leaks in Android 10 and Android 11. The detected side channels enable querying for installed applications, active accounts, files, and browser logins. The leaked information could be used to fingerprint users, detect secret user habits, or even infer a concrete user identity.
Original languageEnglish
Title of host publicationProceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
EditorsGuojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
Place of PublicationChina
Number of pages8
ISBN (Electronic)9781665403924
Publication statusPublished - 2021
Event19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications: TrustCom 2020 - Guangdong Hotel, Hybrider Event, Guangzhou, China
Duration: 29 Dec 20201 Jan 2021


Conference19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Abbreviated titleIEEE TrustCom 2020
CityHybrider Event, Guangzhou
Internet address


Dive into the research topics of 'AndroTIME: Identifying Timing Side Channels in the Android API'. Together they form a unique fingerprint.
  • A-SIT - Secure Information Technology Center Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.


    Project: Research area

Cite this