Privacy Implications of Data Collection in Android Automotive OS

Author

Bulut Gözübüyük, Clemson UniversityFollow

Date of Award

5-2025

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science

Committee Chair/Advisor

Mert D. Pesé

Committee Member

Long Cheng

Committee Member

Lu Yu

Abstract

Modern vehicles have become sophisticated computational and sensor systems, as evidenced by advanced driver assistance systems (ADAS), in-car infotainment, and autonomous driving capabilities. They collect and process vast amounts of data through various onboard subsystems. One significant player in this landscape is Android Automotive OS (AAOS), which has been integrated into over 100 million vehicles and has become a dominant force in the in-vehicle infotainment (IVI) market. With this extensive data collection, privacy concerns have become increasingly crucial. The volume of data gathered by these systems raises questions about how this information is stored, used, and protected, making privacy a critical issue for manufacturers and consumers. However, very little has been done on vehicle data privacy. This paper focuses on the privacy implications of AAOS by examining the exact nature and scope of its data collection. It also presents a novel automotive privacy analysis tool called PriDrive, which employs three methodological approaches: network traffic inspection, and both static and dynamic analyses of Android images using rooted emulators from various OEMs. Finally, the evaluation on three different OEM platforms reveals that some OEMs collect much more data than others. OEM A collects vehicle speed at a sampling rate of roughly 25 Hz. Meanwhile, other properties such as model info, climate and AC, seat data, and others are collected in a batch 30 seconds into vehicle startup.

Recommended Citation

Gözübüyük, Bulut, "Privacy Implications of Data Collection in Android Automotive OS" (2025). All Theses. 4533.
https://open.clemson.edu/all_theses/4533