Panoptes: Detecting Out-of-Sight Privacy Exposure in Android

Authors: Sajjad Pourali (Concordia University), Mohammad Mannan (Concordia University)

Volume: 2026
Issue: 4
Pages: 358–375
DOI: https://doi.org/10.56553/popets-2026-0125

Download PDF

Abstract: Android apps frequently collect and transmit sensitive user information, even when not actively engaged by users. While existing research has extensively explored privacy concerns related to foreground app usage, the risks associated with apps operating out-of-sight, when they are minimized or closed, remain largely unexplored. We design and implement Panoptes, a dynamic analysis tool that detects and attributes data exposure in Android out-of-sight app operations at scale. By systematically triggering and monitoring background works, we conduct the first large-scale measurement of what data apps collect and how they expose sensitive information without user interaction, and attribute the execution of background works to the criteria that trigger them. We evaluated 15,456 popular apps from AndroidRank and found that 13,068/15,456 (84.5%) apps establish network connections while not visible on the device. Of these, 7534/13,068 (57.7%) continue their activity regardless of whether the app is visibly open, closed, or even if it has never been opened. Our findings also uncovered undocumented features that enable apps to collect data even when they are apparently closed. This study sheds light on the hidden privacy risks in Android, and highlights the need for developing more robust techniques to mitigate surreptitious data exfiltration through invisible activities.

Keywords: Android, Mobile Privacy, Privacy Exposure, Dynamic Analysis, Background Works, Background Execution, Dynamic Analysis, Asynchronous Attribution

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.