Security analysis of mobile crowd sensing applications

The proliferation of mobile phones with integrated sensors makes large-scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of users such as their real-time location. When such information is not effectively secured, users' privacy can be violated due to eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to location information of a user during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from Google Play Store and results showed a 100% success rate in traffic interception and disclosure of sensitive information of users. As a countermeasure, a security scheme which ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors is ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android-based sensor data against eavesdropping, information disclosure and data modification.


Introduction
The power of mobile devices is utilized in the new sensing paradigm called Mobile Crowd Sensing (MCS) [1]. This new and ever-growing trend exploits sensing and mobility features of mobile phones, and wearable devices to obtain knowledge such as personal and surrounding context, location, traffic conditions, noise levels, etc. It is estimated that by 2018, there will be about 3.3 billion connected mobile devices [2], and new mobile applications such as smart city [3], medical cyber physical systems [4] and real-time mobile cloud applications are expected to attain their full potentials [5].

Analysis of mobile crowd sensing applications
In smartphones for instance, inherent sensors such as gyroscope, accelerometer, GPS, magnetometer are used for acquisition of both personal and environmental data. They also have high computation and communication capabilities which enable processing and transmission of sensed data [6]. These features make mobile sensing devices different from the traditional IoT objects (e.g., mote-class sensors).
MCS can be formally defined as a platform that allows citizens with sensing devices (smartphones, tablets, wearable devices) collect and contribute sensed data which are later aggregated and fused in the cloud to extract information useful for people-centric delivery [1]. Environment, traffic, social behaviour and healthcare monitoring are possible by fusing and analyzing multi-dimensional information from mobile sensing devices. In MCS applications, sensor data can be collected with active user involvement (as in participatory sensing) [7] or automatically with minimal user involvement (opportunistic sensing) [8]. Also, these applications can be grouped into two categories, personal and community sensing based on the type of event being observed at any given time. In personal sensing applications, an individual is the focus of the sensing event; examples are human activity recognition (e.g., walking, jogging, running) and transport mode prediction [9]. Meanwhile, community sensing focuses on large-scale events that cannot be captured easily by a single individual. Examples are air pollution and traffic congestion monitoring. In this category of sensing, events are accurately measured when sensed data are gathered from several individuals (participants). However, data collection is the main purpose for the development of either personal or community sensing applications.
Despite its benefits, MCS applications still face challenges such as quality and reliability of sensed data (data and user trustworthiness) [10], incentivizing participants [11,12], energy consumption of mobile sensing devices [9,13], sensor data annotation [14], security and privacy [15,16]. The quality and reliability of sensed data is a lingering issue in MCS applications, as participants could deliberately report low-quality or fake data. Furthermore, the quality of sensed data can be reduced when data from faulty sensors are collected and recorded during sensing activities. To improve data quality in MCS, data selection, quality estimation and fault filtering techniques are necessary. However, user's participation determines the quality of collected data, which makes incentivizing of users important in achieving a successful MCS system [17]. Security and privacy is another pressing issue and this raises concerns with personal data shared in MCS applications as sensitive information such as location of users are vulnerable to privacy attacks [1]. An adversary can intercept MCS traffic in order to capture sensitive information of users contained in sensor data as shown in Figure 1. For example, GPS sensor readings can be used by an adversary to infer personal information of individuals pertaining to their daily routes to work and their home locations [9].
Efforts have been made by researchers in detecting loopholes in both sensing applications and transmission protocols responsible for the vulnerability of sensitive information of users. However, an in-depth vulnerability analysis of raw data from smartphone based location and motion sensors is lacking. To this effect, we show how dynamic analysis can be used to test the security of raw sensor data in Android-based sensing applications. We aim to analyze the possibility of sensor data interception and location information disclosure of users during mobile sensing. To achieve this, Burp suite (a penetration testing tool) is used for the vulnerability assessment of 40 Android-based sensing applications. Thereafter, a security scheme that offers end-to-end security to sensitive data during mobile sensing is proposed. The contributions of this paper are as follows:
1. Investigate sensing applications for possible interception and disclosure of GPS data streams.
2. Analyze captured traffic between mobile sensing applications and their respective web servers.
3. Propose an enhanced encryption and authentication scheme based on AES-256/GCM for securing location and motion data in MCS.
The outline of this paper is as follows. Section 2 presents related works while materials and methods are elaborated in Section 3. In Section 4, results and discussion from the dynamic analysis of 40 Android-based (Smart City, Health and Fitness) applications are presented. The proposed encryption and authentication scheme is presented in Section 5. Section 6 concludes the paper.

Literature review
This section presents few works proposed in tackling some of the identified issues in MCS. With emphasis on smart city, we discuss efforts made by researchers in improving user incentive mechanisms, enhancing data trustworthiness and user reputation. With respect to security and privacy in MCS, this section also reviews previous works that have been done in analyzing Android and iOS applications using either static, dynamic or hybridized (static and dynamic) vulnerability analysis techniques.

Data trustworthiness and user reputation
Data trustworthiness is a major concern in mobile crowd sensing, since acquired data is mostly used for decision making that affects the quality of life of citizens [18]. Also, user trustworthiness refers to the average reputation of a user over a certain period of time [19]. Data trustworthiness in user incentivization was studied in Kantarci et al. [20]. The authors used both statistical and recommendation-based user reputation to ensure data trustworthiness. Also, Kantarci et al. [21] proposed Social Network-Assisted Trustworthiness Assurance (SONATA), a recommendation-based method that identifies malicious users that spread false information in MCS systems through manipulation of sensor readings. With this approach, the probability of manipulating data in MCS is reduced using the vote-based trustworthiness analysis and Sybil detection techniques.

Pouryazdan et al. [5] classified data trustworthiness based on soft and hard reputation of MCS participants. Hard reputation in this case refers to accuracy from mobile sensing devices when used by participants in sensing activities. Soft reputation on the other hand refers to the malicious behaviour of the participants. They evaluate the performance of anchor-assisted, vote-based and collaborative reputation in mobile crowd sensing and conclude that hybridization of these approaches improve reputation scores of users in MCS.

User incentive mechanisms
Reliability of users in MCS can be sustained through incentive mechanisms as users tend to submit reliable data when good incentives are offered. Incentive mechanism is designed to inspire active human participation in MCS [19].
In an effort to increase user participation in MCS, several incentive mechanisms have been proposed; game theoretic methods [22], auction-based approaches [23], monetary [24] and non-monetary methods [25].
Yan et al. [26] propose a cloud-assisted architecture for MCS based urban transportation systems. In order to gain more participants, a component of the system called Mechanism of more Contributions and more Feedback Services (MCFS) is used as an incentive mechanism to collect more sensing data from drivers.
On the other hand, Obinikpo et al. [27] proposed queue theory to model target coverage in MCS. The model is based on birth-and-death mechanism which represents the arrival and exit of sensors in an MCS environment. This solves problems relating to network coverage, target clashes faced by sensors and as well as ensures efficient power usage during sensing.

Security analysis of MCS applications
From the user's perspective, security and privacy is a major concern in MCS, especially as MCS applications mostly gather sensitive sensor data of users which can be used to infer behavioural patterns of participants [19]. This makes it necessary to analyze potential disclosure of such sensitive information of users by sensing applications [28].
Fahl et al. [29] introduced MalloDroid (an extension of Androguard), a static code analyzer which they used to test 13,500 popular and free Android apps for security vulnerabilities against Man-in-the-Middle attacks. They focused their analysis on the communication protocols used by apps (i.e. HTTP or HTTPS) and this was done by extracting URLs. Results from their analysis showed that 1074 out of the entire apps tested had vulnerable SSL/TLS code which made apps susceptible to MITM attacks. Furthermore, SSL/TLS misuses were identified by the authors while carrying out manual analysis of 100 selected apps including 41 apps that transmitted sensitive information of users. They were able to capture login credentials of most apps and could also inject and execute code in an app that was developed using a vulnerable app-development framework.
Sounthiraraj et al. [30] presented SMV-HUNTER, a system that automatically analyzes large-scale Android apps for SMV. The system is composed of a static analysis component that recognizes possible vulnerable apps and also a dynamic analysis component that ratifies the vulnerable status of apps. The modular and non-specific system could be employed for other vulnerability analysis. The efficiency of the developed system was tested with 23,418 apps downloaded from Google Play Store where the static analysis spotted 1453 possible vulnerable apps and when dynamic analysis was performed on them, it was proven that 726 were actually vulnerable.
He et al. [31] investigated security and privacy risks in Android-based mHealth apps. The investigation was based on the following: (1) potential attack surfaces, (2) threat escalation, and (3) threat severity. In the first stage, 160 apps were downloaded from Google Play Store which included 80 free apps in Health & Fitness and 80 free Medical apps. From the attack surfaces identified, authors of this work presented areas that required security, which are: Third Party Services, Internet, Logging, Bluetooth, SD Card Storage, Exported Components, and Side Channels. In the second stage, they selected 27 apps for analysis and presented three attack surfaces that needed security, such as: Internet, Third Party Services, and Logging. In the third and final stage, 120 apps that transmit sensitive information were selected and analyzed to determine the severity of Internet communications of sensitive information transmission. Results showed that the majority of the apps tested transmit unencrypted data over the Internet and also use third party storage and hosting services.
He et al. [32] selected 20 free and paid mHealth apps from Android and iOS Market Store for security and privacy analysis. They used most downloaded and high rated apps as selection criteria. Their aim was to identify apps that require user registration (name, address and email); apps that allow users to update their personal profile; apps that require user authentication (username and password) and the different data storage locations (device storage or cloud storage) used by apps. They focused on authentication related features in the downloaded apps with respect to user's privacy. Results presented by the authors proved that a large number of apps tested lack provision for user data control where users can delete their personal information. They also showed that most of the apps share users' information with third parties. Sadly, authors of this work affirmed an earlier research done in McCarthy [33] which presented the fact that most free apps do not implement any form of security mechanisms (such as SSL) during transfer of user information from mobile apps to their respective websites. Meanwhile, Knorr and Aspinall [34] presented a threat analysis method for Android-based mHealth apps that monitor hypertension and diabetes. Authors of this work tested apps under this category as well as their associated web servers in order to evaluate their privacy policies. From their analysis, the following conclusions were made: (1) Sensitive data transmitted by mHealth apps lack adequate security such as encryption which is due to the fact that app developers do not prioritize security during app development; (2) security mechanisms are nontrivial; (3) the ever changing functionalities in new apps which require regular security testing.
Previous works such as Fahl et al. [29] and Sounthiraraj et al. [30] analyzed a large number of Android apps using most downloaded and highly rated apps as selection criteria. They also developed tools that employ both static and dynamic analysis techniques in detecting vulnerable apps. On the other hand, He et al. [31] and Knorr and Aspinall [34] focused on analyzing apps that acquire health related data of users (mHealth apps). However, the security vulnerabilities of raw sensor data such as GPS data during mobile sensing have not been fully explored. More so, no effective security solution or countermeasure was proposed in these works. Hence the need for an effective and efficient security scheme that will protect sensitive sensor data during mobile crowd sensing.

Methodology
This section presents the applications selected for analysis together with the dynamic analysis tool used. The Android-based sensing applications are categorized into three distinct groups and the sensors employed for sensing are also highlighted.

Sensing applications
Sensing applications that will be tested are Android-based and they employ location (GPS) and motion (accelerometer and gyroscope) sensors for data acquisition. For the analysis, 40 apps are downloaded from Google Play Store and are grouped into the following categories: smart city, smart health and fitness apps. Free apps with high ratings are used as selection criteria. Table 1 presents the apps to be tested including sensors and communication medium used by each app.

Dynamic analysis tool
Dynamic analysis enables testing of running apps irrespective of the programming language used for the development of such apps. With this kind of testing, false positives are minimal due to the involvement of a human expert in the analysis process [35]. There are several dynamic analysis tools that can be used for effective vulnerability assessment of apps. In this work, we used Burp Suite for black box testing since studies such as [36,37] have shown that it is one of the most effective and efficient tools for vulnerability assessment of web and mobile applications. Burp Suite has many testing features that provide effective vulnerability analysis. The Intruder tab is used for the automation of customized attacks against web applications in order to identify and exploit all known vulnerabilities. The Spider tab offers crawling functions during penetration testing. The Repeater tool is employed to modify HTTP requests and to analyze their responses. The tool works as an intercepting proxy and can be configured to intercept, log, display and modify HTTP traffic. The main function of Burp Suite is that it offers an overview of transmitted messages and parameters which allows the penetration tester (security researcher) to have full control of messages in order to simulate different attack scenarios.

Testing method
For the app testing, we used a Samsung Galaxy S4 smartphone running Android 5.0.1 Lollipop. We used a laptop running Kali Linux 4.13.10 to connect to the smartphone and to run Burp Suite. To effectively intercept SSL traffic between the sensing apps and their respective servers, a root certificate was installed on the smartphone. After setting up the test environment, we launched each app and created dummy accounts (username and passwords) where necessary. Thereafter, we used these apps like a regular user and at the same time tried to intercept traffic between the mobile sensing device (smartphone) and their respective web servers. Consequently, we sniffed sensitive information pertaining to raw GPS data each time location information were received. From the traffic captured, we recorded apps that use either HTTP or HTTPS connections. The dynamic analysis method used during the experiment allowed us to analyze and record SSL details of all running applications. We tried to implement a passive man-in-the-middle attack on apps that only employ HTTP and an active man-in-the-middle attack on apps that implemented SSL (HTTPS) incorrectly. The result of the experiment is presented in the next section.

Results and discussion
The results obtained from the vulnerabilities analysis with respect to the three different categories of apps tested are presented in this section. Results from all 18 smart city apps tested showed that interception of traffic between the mobile sensing device (smartphone) and web servers of respective sensing applications were possible during dynamic analysis. Furthermore, we observed that it was possible to obtain GPS data pertaining to location information of the user when the SSL connection was circumvented. Similarly, all 10 apps tested in the healthcare category were also vulnerable to traffic interception. Sensitive location information of the user were disclosed from the GPS data obtained during mobile sensing in all apps in this category. Lastly, all 12 apps tested in the fitness category were also vulnerable to traffic interception as it was possible to sniff plaintext GPS data gathered from the user. Table 2 summarizes the obtained results from the three categories of apps tested.
During the analysis, it was observed that most apps do not employ secure communication channel for the transfer of sensor data from the mobile sensing device (client-side) to the server, which makes it easy for an adversary to capture sensitive location information of users. Furthermore, when performing the analysis, it was possible to capture sensitive data (location information) of the user even when SSL was used due to its poor implementation in most apps. All apps tested were vulnerable to traffic interception and location information disclosure with a 100% rate as depicted in Figure 2. This proves that the privacy of MCS users is not guaranteed when using sensing apps that lack in-depth security on sensed data. To achieve maximum security, sensed data must be effectively and efficiently encrypted and authenticated during sensing irrespective of the communication channel used.
MCS may be used to offer real-time information to users on road and traffic conditions. However, maintaining user's privacy through effective security of their location information remains an unsolved problem. Results from the vulnerability analysis of sensed data in MCS applications presented in this paper show that raw sensor readings can easily be intercepted and sensitive information disclosed to an adversary. This is as a result of lack of or ineffective security mechanisms of sensor data from Android-based sensing applications.

To ensure effective security during mobile sensing, a scheme that offers in-depth encryption and authentication of sensor data is required. Our proposed scheme which provides such services is discussed in some detail in the next section.

Proposed security scheme
Analysis presented in Section 3 is in line with earlier research work presented in Fahl, Harbach [29] which affirms that improper usage of SSL (such as trusting all certificates, allowing all hostnames and mixed-mode/No SSL) allows an active MITM attacker to have unauthorized access to plaintext information transmitted via a compromised encrypted channel. This entails that sensitive information of users transmitted in plaintext using an SSL connection that is incorrectly implemented or forced open by an attacker can compromise the confidentiality of sensed data. Considering the possibility of app developers to wrongly implement SSL in application codes which can be exploited by an attacker, we propose the encryption and authentication of sensed data (location and motion data) during mobile sensing before transmission to their respective servers. Table 3 presents notations and symbols used in the formulation of algorithms for the proposed security scheme. They are used both in the encrypt-then-authenticate and authenticate-only algorithms.
Table caption: Results from analysis of Android-based sensing apps.
Table 3. Notations and symbols.

Encryption and authentication of location-based sensor data
Authenticated Encryption with Associated Data (AEAD) schemes offer authentication, integrity and confidentiality services seamlessly by integrating the operations of a cipher and of a message authentication algorithm using a single key [38]. Commonly used AEAD schemes are Galois Counter Mode (GCM), Encrypt-then-Authenticate-then Translate (EAX), and Cipher Counter Mode (CCM). On one hand, our proposed scheme employs GCM mode of operation with an underlying AES-256 block cipher to implement encrypt-then-authenticate mechanism on location data from GPS sensor. On the other hand, the authenticate-only mechanism is implemented on motion data from sensors such as accelerometer, gyroscope, etc. The algorithm is shown in Table 4 while the process diagram is illustrated in Figure 3. Location data from GPS sensor which contain sensitive information of MCS users is first encrypted then authenticated to ensure confidentiality and integrity. As shown in Figure 3, using GCM algorithm, the plaintext data denoted as PT is first divided into blocks (Counters of 1, ..., n), and then XORed. As shown in Figure 3, the first block value is 1 which is encrypted using AES 256 with key K ($E_K$). The output of the encrypted counter is XORed with the plaintext (location data, PT) which generates a ciphertext CT. This process is continued for all n blocks of plaintext (all GPS data). To ensure randomness, the Counter is concatenated with an Initialization Vector (IV) which serves as the nonce (which can only be used once). The IV is 96 bits and the counter uses 32 bits which sums up to the 128 bits block for the AES encryption enabling up to $2^{32}$ before the counter moves over to the next block.
Table 4. Algorithm to encrypt and authenticate location data.
To achieve authenticity and integrity, the ciphertext (CT) is XORed and the output is hashed using GHASH (a hashing function in GCM) and the output is passed from one stage unto the next stage of the algorithm until the $n$th block. The hash function is initialized by sending 128 bits of zero ($0^{128}$) and encrypted through the AES 256 algorithm then through the hashing function. Additionally, the length of the block (len(PT), i.e. length of the location-based data) is added to the hash together with the initialization vector (IV). The output of this process is an encrypted and authenticated GPS data.
Remark. Without loss of generality, our assumption is that there is a Key Distribution Centre (KDC) in the form of a key server which handles key establishment, so that both the client/server (mobile app and web server) can share an encryption key $E_k$.
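The counter layout described above can be checked directly against the JCE; this is an added example, not code from the paper. With a 96-bit IV, the GCM specification (NIST SP 800-38D) reserves counter value 1 for masking the tag, so data blocks use IV || 2 onward, and the second check shows why the IV must never repeat under one key. The class name, random key and GPS strings are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration: names and sample data are constructed, not from the paper.
public class GcmCounterDemo {

    /** 128-bit counter block: 96-bit IV followed by a 32-bit big-endian counter. */
    static byte[] counterBlock(byte[] iv96, int counter) {
        if (iv96.length != 12) throw new IllegalArgumentException("IV must be 96 bits");
        return ByteBuffer.allocate(16).put(iv96).putInt(counter).array();
    }

    /** Plain AES-CTR whose first counter block is IV || 2. */
    static byte[] ctrFromTwo(SecretKeySpec key, byte[] iv96, byte[] pt)
            throws GeneralSecurityException {
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(counterBlock(iv96, 2)));
        return ctr.doFinal(pt);
    }

    /** AES-GCM output with the trailing 128-bit tag stripped, i.e. CT only. */
    static byte[] gcmCiphertext(SecretKeySpec key, byte[] iv96, byte[] pt)
            throws GeneralSecurityException {
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv96));
        return Arrays.copyOf(gcm.doFinal(pt), pt.length);
    }

    static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[Math.min(a.length, b.length)];
        for (int i = 0; i < out.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] rawKey = new byte[32];   // 256-bit key K
        byte[] iv = new byte[12];       // 96-bit IV
        rng.nextBytes(rawKey);
        rng.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(rawKey, "AES");

        // Constructed GPS fixes (three AES blocks each, so the counter advances).
        byte[] fixA = "lat=-1.2921;lon=36.8219;t=1700000000".getBytes(StandardCharsets.US_ASCII);
        byte[] fixB = "lat=-1.3032;lon=36.7073;t=1700000060".getBytes(StandardCharsets.US_ASCII);

        // 1. GCM's ciphertext is AES-CTR with counter blocks IV||2, IV||3, ...
        byte[] ctA = gcmCiphertext(key, iv, fixA);
        System.out.println("GCM CT == CTR from IV||2: "
                + Arrays.equals(ctA, ctrFromTwo(key, iv, fixA)));

        // 2. Same key and IV twice means the same keystream twice, so the
        //    keystream cancels: CT_A xor CT_B equals PT_A xor PT_B.
        byte[] ctB = gcmCiphertext(key, iv, fixB);
        System.out.println("IV reuse exposes PT_A xor PT_B: "
                + Arrays.equals(xor(ctA, ctB), xor(fixA, fixB)));
    }
}
```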

Authentication of motion-based sensor data
Galois Message Authentication Code (GMAC) is a component of GCM (Galois Counter Mode), used for authentication of messages without encryption. GMAC is an incremental algorithm which after computing the MAC of a message $M$, the cost of computation of the message $M'$ is proportional to the hamming weight between those messages [39]. Algorithm for the authenticate-only of motion data is presented in Table 5 with its process flow shown in Figure 4.
The hash function GHASH is defined by $\mathrm{GHASH}(H, A, C) = X_{m+n+1}$ where the inputs of $A$ and $C$ are the incremental authentication function represented formally as $\mathrm{incr}(F \,\|\, I)$ obtained from $F \,\|\, (I + 1 \bmod 2^{32})$. GMAC supports incremental tag generation for different messages, and modifications within a fixed-length message by attaching data to a message and data truncation from the beginning to the end of the message. In the proposed scheme, GMAC is employed for authentication of additional motion data. With this mechanism in place, data integrity is assured thereby identifying any form of data fabrication or modification from an adversary [40]. 128 bits which is the largest tag size for GMAC with AES block cipher is employed in the proposed scheme. GMAC offers an efficient method to authenticate large datasets, implementing the computation of new authentication tags after a slight modification is made.
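Both mechanisms, written against the JCE `AES/GCM/NoPadding` transform as an added example (not the authors' implementation): encrypt-then-authenticate for location data, and GMAC for motion data obtained by passing the readings as associated data with an empty plaintext. The key comes from `KeyGenerator` as a stand-in for the KDC, and the class name, packet layout (IV || CT || tag) and sample readings are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration: names, packet layout and sample data are assumptions.
public class SensorAeadDemo {
    static final int IV_LEN = 12;      // 96-bit IV, as in the scheme
    static final int TAG_BITS = 128;   // largest GCM/GMAC tag size
    static final int TAG_LEN = TAG_BITS / 8;
    static final SecureRandom RNG = new SecureRandom();

    private static Cipher gcm(int mode, SecretKey key, byte[] iv)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    /** Fresh random IV per message; an IV must never repeat under the same key. */
    private static byte[] freshIv() {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        return iv;
    }

    private static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    /** Encrypt-then-authenticate location data. Returns IV || CT || tag. */
    static byte[] sealLocation(SecretKey key, byte[] location)
            throws GeneralSecurityException {
        byte[] iv = freshIv();
        return concat(iv, gcm(Cipher.ENCRYPT_MODE, key, iv).doFinal(location));
    }

    /** Verifies the tag, then decrypts. Throws AEADBadTagException on any change. */
    static byte[] openLocation(SecretKey key, byte[] packet)
            throws GeneralSecurityException {
        if (packet.length < IV_LEN + TAG_LEN) throw new AEADBadTagException("truncated packet");
        byte[] iv = Arrays.copyOfRange(packet, 0, IV_LEN);
        return gcm(Cipher.DECRYPT_MODE, key, iv)
                .doFinal(packet, IV_LEN, packet.length - IV_LEN);
    }

    /** Authenticate-only (GMAC): data goes in as AAD, plaintext is empty. Returns IV || tag. */
    static byte[] tagMotion(SecretKey key, byte[] motion) throws GeneralSecurityException {
        byte[] iv = freshIv();
        Cipher c = gcm(Cipher.ENCRYPT_MODE, key, iv);
        c.updateAAD(motion);
        return concat(iv, c.doFinal());
    }

    /** Recomputes the GMAC tag over the received motion data and compares it. */
    static boolean verifyMotion(SecretKey key, byte[] motion, byte[] ivAndTag)
            throws GeneralSecurityException {
        if (ivAndTag.length != IV_LEN + TAG_LEN) return false;
        Cipher c = gcm(Cipher.DECRYPT_MODE, key, Arrays.copyOfRange(ivAndTag, 0, IV_LEN));
        c.updateAAD(motion);
        try {
            c.doFinal(ivAndTag, IV_LEN, TAG_LEN);
            return true;
        } catch (AEADBadTagException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();   // stand-in for the key shared via the KDC

        // Constructed sample readings.
        byte[] gps = "lat=-1.2921;lon=36.8219;t=1700000000".getBytes(StandardCharsets.US_ASCII);
        byte[] motion = "ax=0.12;ay=-0.03;az=9.79;gx=0.01".getBytes(StandardCharsets.US_ASCII);

        byte[] packet = sealLocation(key, gps);
        System.out.println("location round trip: "
                + Arrays.equals(gps, openLocation(key, packet)));

        packet[IV_LEN] ^= 0x01;             // flip one ciphertext bit in transit
        try {
            openLocation(key, packet);
            System.out.println("modified location accepted");
        } catch (AEADBadTagException e) {
            System.out.println("modified location rejected");
        }

        byte[] tag = tagMotion(key, motion);
        System.out.println("motion tag valid: " + verifyMotion(key, motion, tag));
        motion[3] ^= 0x01;                  // alter one reading
        System.out.println("altered motion valid: " + verifyMotion(key, motion, tag));
    }
}
```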

Conceptual framework of the proposed scheme
The proposed scheme will be implemented as a generic Android application which will encrypt and authenticate data from location (GPS) and motion (accelerometer and gyroscope) sensors. These data can be used by mobile sensing applications that require secure location and motion data from Android based smartphone. Components and their respective interactions in the proposed scheme are shown in Figure 5.
Android is an open source software stack developed for smartphones and tablets. It consists of a Linux kernel, an Android middleware and the application layer. The Linux kernel offers basic functions such as memory, process scheduling, device drivers and the file system. Above the Linux kernel is the middleware layer, which has native libraries, the Android runtime environment and the application framework. The native libraries offer vital functionalities such as graphic processing. The Android runtime environment consists of core Java libraries and the Dalvik Virtual Machine, which is meant for certain requirements of resource constrained mobile devices [41]. The main security in Android are application sandboxing and a permission framework [41]. Vulnerabilities in Android's security architecture renders sensing applications more susceptible to security attacks. To this end, the proposed security scheme serves as a middleware for encrypting and authenticating sensed data in Android-based mobile devices.

Implementation of proposed scheme
Java's cryptography package (javax.crypto) was used from the SUN JCE standard library for the key generation. JCE offers the needed cryptographic primitives for management of security in Android based applications. The basic API packages included in JCE are the standard javax.crypto, java.security and java.math and these packages call the arithmetic primitives present in the OpenSSL native library, which include multiplication and modular squaring. Also, a lightweight version of Bouncy Castle library that offers high level execution functions is included in these APIs. The version of AES with 256-bit key was implemented, including the methods Ecrypt( ), Decrypt( ), Auth( ) and KeySchedule( ) using the GCM mode of operation. Each cipher's key generation algorithm is called once during the start process and the set of round keys are stored and used for every recursive call to the encryption/decryption and the authenticate methods. Android Studio was employed for the development and deployment of the cryptographic algorithm as well as for the collection of data for the evaluation of the proposed security scheme. In an effort to optimize AES during implementation, we removed the use of local buffers to maintain the state while using the global variable to store the key schedule. Furthermore, the key for each round was generated during the encryption process rather than precomputing and storing them in the RAM.

Transferring data in memory was minimized and the MixColumns transformation was written using the 16-bits memory. The experiment was implemented on a Samsung smartphone and its features are shown in Table 6.

Performance evaluation
To evaluate the performance of the implemented scheme, metrics such as speed (execution time) and memory were used. The phone was fully charged to 100% and other applications were also installed and used on the smartphones. This allows us to test the scheme in real world conditions.
5.5.1 Execution time. This refers to the number of plaintext data that can be encrypted/decrypted as well as authenticated in a second. A segment of our code implementation outputs the time it takes to encrypt and decrypt a single block of data. This is used to calculate the throughput of the implemented scheme, which is obtained by dividing the total plaintext encrypted (in bytes) by the encryption time. Figure 6 shows the time it takes (in milliseconds) to encrypt a single block of location data from GPS sensor. On the other hand, Figure 7 depicts the time it takes (also in milliseconds) to authenticate-only a single block of motion data from accelerometer and gyroscope sensors using the GMAC property of GCM. Less time is used to authenticate a single block of motion based data compared with the time used to encrypt the same size of data from location sensor (GPS).
Table 6 entry: Li-Ion 2600 mAh battery.
5.5.2 Memory usage. The RAM or data memory is the high-speed, volatile onboard memory in smartphones. Presently, most smartphones come with memory of 2 GB to 3 GB. To get the RAM memory footprint, we used the ActivityManager.getMemoryInfo( ) method in Android and generated results were stored in the internal storage of the smartphone. As shown in Figure 8, encrypting data uses up more RAM memory of the smartphone followed by the decrypting of data. Authenticating data from motion sensors uses the least memory.
We compare the speed (execution time) and memory usage of our scheme with the AES-CBC based scheme as implemented in Li et al. [42]. Figure 9 shows our scheme performs fairly well in terms of speed (encryption time) when compared to Li, Yan [42]. AES-GCM mode of operation operates slightly slower than AES-CBC. However, improved execution time and memory usage was observed due to the optimization performed during implementation.

Security analysis
Our proposed security scheme aims to mitigate eavesdropping, information disclosure and modification of sensitive location and motion based sensor data in MCS. As justified by [43], AES-GCM is efficient and effective in ensuring data security when correctly implemented.
5.6.1 Data security accomplishment. Based on the nature of sensor network and wireless communication, sensor data could easily be intercepted and modified as proven in previous sections of this paper; this poses great danger in life-critical cases. The encryption and authentication scheme implemented for Android based smartphone ensures data confidentiality, integrity and authentication. Burp Suite was again employed to analyze traffic containing sensor data encrypted and authenticated using our implemented security scheme. We observed the following from the security testing performed:
5.6.2 Eavesdropping/information disclosure. The scheme implemented as an Android app encrypts location data from GPS as well as authenticates motion data from accelerometer and gyroscope sensors. Results presented in previous sections show that improper/no implementation of SSL in sensing applications could lead to successful interception and leakage of sensitive information of MCS users. The implemented scheme (security app) ensures that all location and motion data from smartphone sensors are effectively encrypted and authenticated. This thwarts the efforts of eavesdroppers in gaining access to sensitive information of MCS users.
5.6.3 Data modification. Any attempt by an adversary to modify sensor data can be detected using the unforgeable tag generated by the GMAC algorithm. This guarantees integrity and authenticity of sensor data from MCS applications.

Conclusion
In this paper, we presented an analysis of 40 Android-based sensing applications. The applications were categorized into three distinct groups namely, smart city, smart health and fitness apps. We used Burp Suite, a tool that employs dynamic analysis to identify apps that are vulnerable to SSL exploitation (such as MITM attack), eavesdropping and sensitive information disclosure. The analysis revealed possibility of traffic interception between client-side (smartphone) and the server-side (web server) in all apps tested. In this paper, we also showed that sensitive GPS data pertaining to real-time location of the user were disclosed in all apps tested.
Results from the analysis show that an adversary with the right tools and technical skills can exploit an SSL connection especially when it is wrongly implemented. When this happens, sensitive data (such as geolocation coordinates and login credentials) transmitted via the encrypted channel (SSL) are revealed in plaintext to the attacker, which compromises confidentiality and threatens user's privacy. To effectively protect sensed data, we proposed and implemented a security scheme that offers in-depth security through the encryption and authentication of data from location and motion sensors. The proposed scheme employs AES 256-GCM algorithm to ensure confidentiality, integrity and authenticity of sensor data in MCS. Results from the performance analysis of the proposed scheme show high execution time (encryption/decryption time) while the memory usage is considerably low.