Saved in:
Bibliographic Details
Main Authors: Yadav, Harish, Maurya, Vikas, Jindal, Abhilash, Kumar, Vireshwar
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2512.01595
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908683945902080
author Yadav, Harish
Maurya, Vikas
Jindal, Abhilash
Kumar, Vireshwar
author_facet Yadav, Harish
Maurya, Vikas
Jindal, Abhilash
Kumar, Vireshwar
contents Android employs a permission framework that empowers users to either accept or deny sharing their private data (for example, location) with an app. However, many apps tend to crash when they are denied permission, leaving users no choice but to allow access to their data in order to use the app. In this paper, we introduce a comprehensive and robust user data spoofing system, WhiteLie, that can spoof a variety of user data and feed it to target apps. Additionally, it detects privacy-violating behaviours, automatically responding by supplying spoofed data instead of the user's real data, without crashing or disrupting the apps. Unlike prior approaches, WhiteLie requires neither device rooting nor altering the app's binary, making it deployable on stock Android devices. Through experiments on more than 70 popular Android apps, we demonstrate that WhiteLie is able to deceive apps into accepting spoofed data without getting detected. Our evaluation further demonstrates that WhiteLie introduces negligible overhead in terms of battery usage, CPU consumption, and app execution latency. Our findings underscore the feasibility of implementing user-centric privacy-enhancing mechanisms within the existing Android ecosystem.
format Preprint
id arxiv_https___arxiv_org_abs_2512_01595
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle WhiteLie: A Robust System for Spoofing User Data in Android Platforms
Yadav, Harish
Maurya, Vikas
Jindal, Abhilash
Kumar, Vireshwar
Cryptography and Security
Android employs a permission framework that empowers users to either accept or deny sharing their private data (for example, location) with an app. However, many apps tend to crash when they are denied permission, leaving users no choice but to allow access to their data in order to use the app. In this paper, we introduce a comprehensive and robust user data spoofing system, WhiteLie, that can spoof a variety of user data and feed it to target apps. Additionally, it detects privacy-violating behaviours, automatically responding by supplying spoofed data instead of the user's real data, without crashing or disrupting the apps. Unlike prior approaches, WhiteLie requires neither device rooting nor altering the app's binary, making it deployable on stock Android devices. Through experiments on more than 70 popular Android apps, we demonstrate that WhiteLie is able to deceive apps into accepting spoofed data without getting detected. Our evaluation further demonstrates that WhiteLie introduces negligible overhead in terms of battery usage, CPU consumption, and app execution latency. Our findings underscore the feasibility of implementing user-centric privacy-enhancing mechanisms within the existing Android ecosystem.
title WhiteLie: A Robust System for Spoofing User Data in Android Platforms
topic Cryptography and Security
url https://arxiv.org/abs/2512.01595