(In)visible Privacy Indicator: Security Analysis of Privacy Indicator on Android Devices

  • Yurak Choe
  • Hyungseok Yu
  • Taeho Kim
  • Shinjae Lee
  • Hojoon Lee
  • Hyoungshick Kim

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

2 Scopus citations

Abstract

In Android 12, Google introduced a new security feature called the privacy indicator to protect users from spyware. The privacy indicator visually alerts users by displaying a green circle in the notification bar when an application accesses the camera. While this feature initially appears effective, our work has identified two possible attack scenarios that can undermine it. The first attack uses screen overlay techniques with a higher Z-order and deceptive status bar layouts to make it difficult to see the privacy indicator. In a user study involving 44 participants, only 13.6% of participants recognized the indicator under UI overlay attacks, compared to 63.6% in default Android 12 settings. The second attack exploits device configurations to disable the privacy indicator. Our findings were reported to the developers of the Android system UI at Samsung Electronics and the Google Issue Tracker, and we received acknowledgments from both parties. As countermeasures, we recommend ensuring the integrity of the privacy indicator using trusted execution facilities. We introduce a proof-of-concept solution called SEPI (Security-Enhanced Privacy Indicator), which utilizes a secure hypervisor and ARM TrustZone. SEPI is designed to detect camera and microphone activities, subsequently displaying the relevant indicator with the highest Z-order in a securely isolated display buffer. Our experimental findings revealed only a minimal 3.3% reduction in benchmark scores compared to the device’s default operational state. The SEPI privacy indicator is displayed with a negligible mean delay of 20.92 ms.

Original language: English
Title of host publication: ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery, Inc
Pages: 1630-1643
Number of pages: 14
ISBN (Electronic): 9798400704826
State: Published - 1 Jul 2024
Event: 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 - Singapore, Singapore
Duration: 1 Jul 2024 to 5 Jul 2024

Publication series

Name: ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Conference

Conference: 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024
Country/Territory: Singapore
City: Singapore
Period: 1/07/24 to 5/07/24

Keywords

  • Android privacy indicator
  • Mobile platform security
  • TrustZone
