xShare: Supporting Impromptu Sharing of Mobile
Phones
Yunxin Liu
1,3
, Ahmad Rahmati
2
, Yuanhe Huang
1,4
, Hyukjae Jang
1,5
, Lin Zhong
2
,
Yongguang Zhang
1
, Shensheng Zhang
3
1
Microsoft Research Asia, Beijing, China
2
Rice University, Houston, TX, USA
3
Shanghai Jiao Tong University, Shanghai, China
4
Tsinghua University, Beijing, China
5
KAIST, Daejeon, Republic of Korea

ABSTRACT
Loaded with personal data, e.g. photos, contacts, and call
history, mobile phones are truly personal devices. Yet it is
often necessary or desirable to share our phones with others.
This is especially true as mobile phones are integrating fea-
tures conventionally provided by other dedicated devices,
from MP3 players to games consoles. Unfortunately, when
we lend our phones to others, we give away complete access
because existing phones assume a single user and provide
little protection for private data and applications. In this
work, we present xShare, a protection solution to address
this problem. xShare allows phone owners to rapidly specify
what they want to share and place the phone into a restricted
mode where only the data and applications intended for
sharing can be accessed.
We first present findings from two motivational user studies
based on which we provide the design requirements of
xShare. We then present the design of xShare based on file-
level access control. We describe the implementation of
xShare on Windows Mobile and report a comprehensive
usability evaluation of the implementation, including meas-
urements and user studies. The evaluation demonstrates that
our xShare implementation has negligible overhead for in-
teractive phone usage, is extremely favored by mobile users,
and provides robust protection against attacks by experi-
enced Windows Mobile users and developers.
Categories and Subject Descriptors
D.4.3 [Operating Systems]: File Systems Management
D.4.6 [Operating Systems]: Security and Protection
General Terms
Design, Management, Performance
Keywords
Sharing, Mobile phone, Privacy, Virtualization
1. INTRODUCTION
While mobile phones have been very personal devices for
their users, two recent trends have made phone sharing in-
creasingly attractive, as we have found from two user stud-
ies. First, as mobile phones become feature-rich and
equipped with large amounts of storage for user-generated
content, it has become socially attractive to share features or
user generated content (e.g. music and pictures) with others.
Second, as the price of feature-rich, Internet-capable mobile
phones drops, they have become an attractive solution for
providing under-served communities with access to infor-
mation and communication technologies. In such communi-
ties, phone sharing is fundamentally necessary because it
will still take a long time for such phones to become afford-
able to the majority of their community members.
However, existing mobile phones provide inadequate sup-
port for such sharing; there is no access control on private
data and pay-per-use applications. Consequently, when the
owner shares their phone, the borrower will have the same
access rights as the owner. Some mobile phones use a pass-
word to prevent unauthorized access; yet it is for the entire
system and therefore the access control is nothing or every-
thing. The iPhone has a restriction feature that can disable
some built-in applications. Yet it does not apply to third-
party applications nor does it provide access control for da-
ta. Windows Mobile phones can boot into a less-known Ki-
osk mode, in which only certain applications can be run.
However, it requires a reboot and does not provide access
control to data.
To address such limitations, we present xShare, a software
solution for friendly, efficient, and secure phone sharing.
xShare is based on existing system support and allows the
owner to rapidly specify what they want to share and place
the phone into a restricted mode where only specifically
shared applications and data are accessible. In this work, we
present the results from a complete research and develop-
ment cycle of xShare, including motivational user studies,
design, implementation, and evaluation. Therefore, our con-
tributions are fourfold.
Motivational User Studies (Section 3). We present a thor-
ough understanding of phone sharing obtained from two
user studies, including interviews with existing smartphone
users from four countries and long-term user studies with
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that cop-
ies bear this notice and the full citation on the first page. To copy other-
wise, or republish, to post on servers or to redistribute to lists, requires
prior specific permission and/or a fee.
MobiSys’09, June 22–25, 2009, Kraków, Poland.
Copyright 2009 ACM 978-1-60558-566-6/09/06...$5.00.
15

teenagers from the USA. Our user studies show that the
majority of existing and potential users share their mobile
phones. Our user studies provide insight into why, where,
with whom, and for what applications mobile users share
their phones. Our long-term study further shows that phone
sharing serves as an important social networking tool for the
participants. Our findings highlight the inadequate privacy
protection for sharing in current phones.
Design (Section 4). Based on these findings, we propose the
design of xShare based on file-level access control. xShare
provides two modes of operation, Normal Mode and Shared
Mode. When switching from Normal Mode to Shared
Mode, the owner specifies which files and applications to
share, or a sharing policy. xShare creates a virtual environ-
ment for Shared Mode from the sharing policy. The virtual
environment contains only specifically shared files and ap-
plications and conceals the rest of the system. When switch-
ing from Shared Mode to Normal Mode, user authentication
is required. The borrower uses the phone in Shared Mode.
Implementation (Section 5). We have implemented xShare
on Windows Mobile. Our implementation works atop of the
existing systems without requiring changes to the OS source
code or the phone ROM image. As Windows Mobile lacks
built-in file-level access control, we implement one based
on system API interception at the kernel level. We imple-
ment namespace virtualization for resource access and cre-
ate a virtual environment to contain shared data and applica-
tions in Shared Mode. Further we have addressed several
practical challenges, such as the tight integration of system
services and in-memory data. Through careful examination
of the Windows CE kernel, we are able to provide a com-
plete yet user-friendly implementation.
Evaluation (Section 6). We provide a comprehensive us-
ability evaluation of the xShare implementation through
performance measurements and two user studies. Our meas-
urements show that xShare barely affects the overall system
performance in Shared Mode. Our first user study shows
phone owners’ subjective opinions were extremely positive,
almost unanimously responding that xShare is useful, satis-
fies their needs, and is easy to learn and use. With minimal
training, our participants were able to specify common shar-
ing policies in approximately 20 seconds. Our second user
study was with Windows Mobile developers as malicious
phone borrowers. It shows that xShare is resilient to at-
tempts of unauthorized access. It further shows that xShare
provides a satisfactory performance and user experience
with shared applications and data.
To the best of our knowledge, our work is the first publicly
reported study on supporting phone sharing. While we in-
tend xShare to promote phone sharing for both social and
economic purposes, it is important to note that our evalua-
tion is limited to the usability of xShare, and not its social
and behavioral impact. In addition, xShare is not intended to
make mobile phones more secure than they already are. In-
stead, it is intended to limit temporary users to explicitly
shared services and data. Therefore, even with xShare, tem-
porary users may be able to exploit existing security flaws
in the phone to overpower xShare.
The rest of the paper is organized as follows. We discuss
related work in Section 2 and present the motivational user
studies in section 3. We present the design, implementation,
and evaluation of xShare in Sections 4-6, respectively. We
address the limitations of xShare in Section 7 and conclude
in Section 8.
2. RELATED WORK
Technology Sharing. The underpinning motivation of
xShare is that mobile phone users are interested in sharing
their devices. In recent years, there have been several pieces
of work that have investigated information technology shar-
ing [1, 2, 4, 10, 11, 14]. In particular, the authors of [11]
pointed out “face-to-face media sharing” is desirable but not
well supported by the existing technologies. The authors of
[2] studied the culture factors behind phone sharing in rural
India. Without providing a solution, their work highlighted
the necessity of phone sharing in under-served communities.
Both works are motivational to xShare.
Virtual Machine (VM). The system implementation of
xShare is related to existing work in OS and application-
level virtualization [6-9, 12, 13, 15]. Yet xShare has a very
different design goal. Virtualization solutions aim at isolat-
ing multiple VMs from each other and preventing them
from altering each other’s data. Yet, they may not necessar-
ily prevent VMs from reading each others’ data, or system
data, e.g. [15]. In contrast, xShare aims at preventing a sin-
gle VM from accessing non-shared data and applications.
Therefore, xShare can be significantly lighter in employing
a different approach. Some companies, such as VMware
[17] have recently announced upcoming VM solutions for
mobile platforms. However, as mobile devices are expected
to remain processor and energy constrained compared to
their PC counterparts, we expect that the additional over-
head of VM solutions in terms of processing power and bat-
tery life would remain significant.
Support for Multiple Users. Conventional multi-user sup-
port, as present in desktop OSes, are designed for a com-
puter that will be actively used by multiple but usually
known users. It creates a complete system profile for each
user and provides different prestige levels to each of them.
In contrast, we aim at supporting a mobile device that is
borrower only
lender only
lender & borrower
never
0% 20% 40% 60% 80% 100%

Figure 1: Phone sharing statistics
16