Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1109/sate.2016.13

2016-01-01

Abstract:As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach to better infer permissions that an API needs. In this work, to improve the effectiveness of the prior work, we propose an approach which is based on collaborative filtering technique, one of popular techniques used to build recommendation systems. Our approach is designed based on the intuition that apps that have similar features - inferred from the APIs that they use - usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, which is a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in terms of the precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.

Mike Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2011-01-01

Abstract:Recent years have witnessed increased popularity and adoption of smartphones partially due to the functionalities and convenience offered to their users (e.g., the ability to run third-party applications). To manage the amount of access given to smartphone applications, Android provides a permission-based security model, which requires each application to explicitly request permissions before it can be installed to run. In this paper, we systematically analyze eight flagship Android smartphones from leading manufacturers, including HTC, Motorola, and Samsung and found out that the stock phone images do not properly enforce the permission model. Several privileged permissions that protect the access to sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not need to request them for the actual use, a security violation termed capability leak in this paper. To facilitate identifying these capability leaks, we take a static analysis approach and have accordingly developed a system called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting these leaked capabilities, an untrusted application can manage to wipe out the user data, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations on the affected phones – all without the need of asking for any permission.

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1007/s11432-016-9072-3

2017-01-01

Abstract:The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have been proposed to help better recommend permissions required by an API. In this paper, based on popular techniques used to build recommendation systems, we propose two novel approaches to improve the effectiveness of the prior work. The first approach utilizes a collaborative filtering technique, which is inspired by the intuition that apps that have similar features — inferred from their APIs — usually share similar permissions. The second approach recommends permissions based on a text mining technique that uses a naive Bayes multinomial classification algorithm to build a prediction model by analyzing descriptions of apps. To evaluate these two approaches, we use 936 Android apps from F-Droid, which is a repository of free and open source Android applications. We find that our proposed approaches yield a significant improvement in terms of precision, recall, F1-score, and MAP of the top-k results over the baseline approach.

Amer Chamseddine,George Candea

DOI: https://doi.org/10.48550/arXiv.1906.10873

2019-06-27

Abstract:Smartphones hold important private information, yet users routinely expose this information to questionable applications written by developers they know nothing about. Users may be tempted to think of smartphones as old-style dumb phones, not as powerful network-connected computers, and this opens a gap between the permissions-based security paradigm (offered by platforms like Android) and what users expect. This makes it easy to fool users into installing applications that steal their information. Not surprisingly, Android is now a more favored target for hackers than Windows. We propose an approach for closing this gap, based on the observation that the current permissions system--rooted in good ol' UNIX-style thinking--is both too coarse and too fine grained, because it uses the wrong axes for defining the permissions space. We argue for replacing the paradigm in which "an app accesses device resources" (which is foreign to most non-geeks) with a paradigm in which "an app accesses user-tangible services." By using a simple piece of middleware, we can wrap this view of application control around today's permission system, and, by doing so, no conceptual refactoring of applications is required.

Cryptography and Security

Salim Ullah,Muhammad Sohail Khan,Choonhwa Lee,Muhammad Hanif

DOI: https://doi.org/10.3390/electronics11020246

IF: 2.9

2022-01-13

Electronics

Abstract:Recently, smartphone usage has increased tremendously, and smartphones are being used as a requirement of daily life, equally by all age groups. Smartphone operating systems such as Android and iOS have made it possible for anyone with development skills to create apps for smartphones. This has enabled smartphone users to download and install applications from stores such as Google Play, App Store, and several other third-party sites. During installation, these applications request resource access permissions from users. The resources include hardware and software like contact, memory, location, managing phone calls, device state, messages, camera, etc. As per Google’s permission policy, it is the responsibility of the user to allow or deny any permissions requested by an app. This leads to serious privacy violation issues when an app gets illegal permission granted by a user (e.g., an app might request for granted map permission and there is no need for map permission in the app, and someone can thereby access your location by this app). This study investigates the behavior of the user when it comes to safeguarding their privacy while installing apps from Google Play. In this research, first, seven different applications with irrelevant permission requests were developed and uploaded to two different Play Store accounts. The apps were live for more than 12 months and data were collected through Play Store analytics as well as the apps’ policy page. The preliminary data analysis shows that only 20% of users showed concern regarding their privacy and security either through interaction with the development team through email exchange or through commenting on the platform and other means accordingly.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kao Zhao,Deqing Zou,Hai Jin,Zhangbiaoge Tian,Weizhong Qiang,Weiqi Dai

DOI: https://doi.org/10.1109/mobserv.2015.33

2015-01-01

Abstract:Today's smartphones are equipped with various embedded motion sensors, such as accelerometer, gyroscope, and orientation sensors. Perceptual applications perceive the environment of mobile users via sensors. However, malicious applications may use these sensors to steal user's privacy, and attackers can use sensors as side channel data to infer user's inputs. Existing solutions suffer from limited sensors and overhead problems. In this paper we present Perceptual Assistant (PA), a practical privacy protection system for all the sensors and untrusted perceptual applications. PA allows users to customize the sensor policy of third-party applications, and prevent malicious application from accessing sensors at runtime. We evaluate PA with several typical perceptual applications that perform diverse tasks. PA system shows both practical and lightweight: it can protect user's privacy efficiently while maintaining reasonable overhead.

Jie Gu,Yunjie (Calvin) Xu,Heng Xu,Cheng Zhang,Hong Ling

DOI: https://doi.org/10.1016/j.dss.2016.10.002

IF: 6.969

2017-01-01

Decision Support Systems

Abstract:In the mobile age, protecting users' information from privacy-invasive apps becomes increasingly critical. To precaution users against possible privacy risks, a few Android app stores prominently disclose app permission requests on app download pages. Focusing on this emerging practice, this study investigates the effects of contextual cues (perceived permission sensitivity, permission justification and perceived app popularity) on Android users' privacy concerns, download intention, and their contingent effects dependent on users' mobile privacy victim experience. Drawing on Elaboration Likelihood Model, our empirical results suggest that perceived permission sensitivity makes users more concerned about privacy, while permission justification and perceived app popularity make them less concerned. Interestingly, users' mobile privacy victim experience negatively moderates the effect of permission justification. In particular, the provision of permission justification makes users less concerned about their privacy only for those with less mobile privacy victim experience. Results also reveal a positive effect of perceived app popularity and a negative effect of privacy concerns on download intention. This study provides a better understanding of Android users' information processing and the formation of their privacy concerns in the app download stage, and proposes and tests emerging privacy protection mechanisms including the prominent disclosure of app permission requests and the provision of permission justifications. We focus on Android users' privacy decision-making in app download stage.Perceived permission sensitivity makes users more concerned for privacy.Permission justification makes users less concerned for privacy.Perceived app popularity make users less concerned for privacy.Mobile privacy victim experience reduces the alleviating effect of permission justification on privacy concerns.

Yiting Qu,Suguo Du,Shaofeng Li,Yan Meng,Le Zhang,Haojin Zhu

DOI: https://doi.org/10.1109/jiot.2020.3039472

IF: 10.6

2021-05-01

IEEE Internet of Things Journal

Abstract:Mobile applications play a crucial role in the IoT system, which is experiencing unprecedented growth. However, users possessing little knowledge of permission configurations often accept app permission requests without reading them, which opens a backdoor for the potential adversaries to launch the future attacks. Proposing an automatic permission management scheme is an attractive solution to solve this issue, but since users have varying attitudes toward privacy, such a scheme would be neither straightforward nor user friendly. In this study, an automatic permission optimization framework, Permizer, is proposed to recommend different app permission configurations to users with different privacy preferences. Permizer estimates the permission risks and builds the permission-functionality mapping to each app, then regulates the relationship between permission and app functionality. Permizer is the first module to achieve a balance between privacy protection and app functionality under the personal privacy preference condition. Finally, we develop Permizer as a one-button service on the real-world Android OS with 58 apps. Case studies conducted on TikTok and Amazon Alexa also demonstrate its practicability and effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

Run Wang,Zhibo Wang,Benxiao Tang,Lei Zhao,Lina Wang

DOI: https://doi.org/10.1109/tmc.2019.2934441

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:With the unprecedented convenience brought by Apps on mobile devices, we are facing severe security attacks and privacy leakage caused by them since they may stealthily access unclaimed or unneeded permissions for some purposes. Many works strive to discover these malicious apps using program analysis techniques, however, they fail to tell users why an app needs to request the permission from users' perspective. In this paper, we leverage the power of the crowdsourced user reviews to understand why an app requests a permission. We propose a framework, called SmartPI, that automatically identifies functionality-relevant user reviews and infers the permission implication of them, bridging the gap between the functionalities and the actual behaviors of an app. In particular, we extract features from the platform documents to identify functionality-relevant user reviews from noisy crowdsourced user reviews with Natural Language Processing (NLP) techniques. The topic model is further adopted to infer the permission implications of apps from the functionality-relevant user reviews. More than 20,000 apps, 2,653,159 users, and 4,247,769 user reviews are crawled from Google Play as a real-world dataset to evaluate the performance of SmartPI. The experiments results show that the permission usage of apps can be better reflected by user reviews than the claimed descriptions of apps.

Shaokun Zhang,Hanwen Lei,Yuanpeng Wang,Ding Li,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1109/ase56229.2023.00141

2024-01-01

Abstract:The Data Minimization Principle is crucial for protecting individual privacy. However, existing Android runtime permissions do not guarantee this principle. Moreover, the lack of an automatic enforcement mechanism leads to uncertainty as to whether apps strictly comply with this principle. To bridge this gap, we conduct the first systematic empirical study on violations of the Data Minimization Principle and design a new enforcement tool called GUIMind to detect them. GUIMind first utilizes a reinforcement learning model to explore app activities and monitor access to sensitive APIs that require sensitive permissions, and then it leverages an existing tool to detect such violations. We evaluate the performance of GUIMind using 120 real-world Android apps. The results indicate that GUIMind can achieve a detection accuracy of 96.1%, effectively accelerating the empirical study. Our empirical research is mainly focused on the prevalence of violations, the responses of administrators to violations, and the potential factors and characteristics that lead to violations, such as typical violations, app categories, and personal data types. Our study reveals that 83.5% of apps contain at least one privacy violation, with health apps being the most severe. In addition, telephony information is the most commonly leaked personal data type, accounting for 71.1%. Finally, we randomly selected 60 non-compliant apps for reporting to the administrator, whose responses confirm the effectiveness of our approach.

Zilong Liu,Xuequn Wang,Xiaohan Li,Jun Liu

DOI: https://doi.org/10.1145/3475797

2022-02-28

Abstract:Although individuals increasingly use mobile applications (apps) in their daily lives, uncertainty exists regarding how the apps will use the information they request, and it is necessary to protect users from privacy-invasive apps. Recent literature has begun to pay much attention to the privacy issue in the context of mobile apps. However, little attention has been given to designing the permission request interface to reduce individuals’ perceived uncertainty and to support their informed decisions. Drawing on the principal–agent perspective, our study aims to understand the effects of permission justification, certification, and permission relevance on users’ perceived uncertainty, which in turn influences their permission authorization. Two studies were conducted with vignettes. Our results show that certification and permission relevance indeed reduce users’ perceived uncertainty. Moreover, permission relevance moderates the relationship between permission justification and perceived uncertainty. Implications for theory and practice are discussed.

computer science, information systems, cybernetics

Jinseong Jeon,Kristopher Micinski,Jeffrey A. Vaughan,Nikhilesh Reddy,Yixin Zhu,Jeffrey S. Foster,Todd Millstein

2011-01-01

Abstract:Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. We have found that Android’s current permissions are often overly broad, providing apps with more access than they truly require. This deviation from least privilege increases the threat from vulnerabilities and malware. To address this issue, we present a novel system that can replace existing platform permissions with finer-grained ones. A key property of our approach is that it runs today, on stock Android devices, requiring no platform modifications. Our solution is composed of two parts: Mr. Hide, which runs in a separate process on a device and provides access to sensitive data as a service; and Dr. Android (Dalvik Rewriter for Android), a tool that transforms existing Android apps to access sensitive resources via Mr. Hide rather than directly through the system. Together, Dr. Android and Mr. Hide can completely remove several of an app’s existing permissions and replace them with finergrained ones, leveraging the platform to provide complete mediation for protected resources. We evaluated our ideas on several popular, free Android apps. We found that we can replace many commonly used “dangerous” permissions with finer-grained permissions. Moreover, apps transformed to use these finer-grained permissions run largely as expected, with reasonable performance overhead.

Nourah Alshomrani,Steven Furnell,Ying He

DOI: https://doi.org/10.1007/978-3-031-35822-7_36

2023-01-01

Abstract:Nowadays, users face an increasing range of contexts in which they may wish to control access to and share their data. This includes mobile apps accessing sensitive data, cookies tracking user activity, and social media sites targeting users for advertisement. Existing studies have determined that many ordinary users are unable to make informed permissions-related decisions when giving permissions to apps due to a lack of understanding of permissions and interface issues. Today, primary web services, such as social networks, mobile phones, web browsers and the Internet of Things, provide a vast number of privacy settings to users, aiming to provide more control. Although privacy details and permission settings are often made available, they can fall short of capturing and communicating essential considerations which users care about or offering them a meaningful level of control. As a result, the situation for many users has become unmanageable, and they do not have sufficient and proper control of all permissions on different platforms. This paper presents initial findings from ongoing research that is aimed at investigating ways to improve communication with users and support their related decision-making. The analysis leads to the following conclusions: end-users do not read and misunderstand permission requirements, demonstrating a gap between knowledge, perception and behaviours about permissions and privacy settings. Therefore, it is reasonable to assist consumers by allowing them to manage and revisit their privacy settings easily. The number of privacy decisions is growing; therefore, it is unrealistic for ordinary users to manage all these privacy settings.

Liu Yang,Nader Boushehrinejadmoradi,Pallab Roy,Vinod Ganapathy,Liviu Iftode

DOI: https://doi.org/10.1145/2381934.2381940

2012-01-01

Abstract:Android adopts a permission-based model to protect user's data and system resources. An application needs to explicitly request user's approval of the required permissions at the installation time. The utility of the permission model depends critically on end users' ability to comprehend them. However, a recent study has shown that Android users have poor comprehension on permissions. In this paper, we propose to help Android users better understand application permissions through crowdsourcing. In our approach, collections of users of the same application use our tool to help each other on permission understanding by sharing their permission reviews. We demonstrate the feasibility of our approach by implementing a proof-of-concept of our design, which can provide meaningful clues to users on what purposes a permission serves in an application. Our case study shows that the tool can provide helpful information of permission usage. It also exposes the limitations of the current implementation, and the challenges need to be addressed in our next step.

Yun Zhou,Marta Piekarska,Alexander Raake,Tao Xu,Xiaojun Wu,Bei Dong

DOI: https://doi.org/10.1016/j.procs.2017.05.300

2017-01-01

Procedia Computer Science

Abstract:The paper assesses the gap between actual and perceived privacy features of smartphones, exploring privacy as one decision-making factor in information protection, and the balance between privacy control and the required user interaction with the settings. We conducted a fine-grained evaluation partly based on the Privacy Panel, a protection solution on Firefox OS including features of Find my Device, Backup, Location Blurring, and Guest Mode. Results showed that safety as one decision-making factor impacted information protection in different use cases at different levels. Although people sacrifice more privacy as the price of a handset grows, they still see privacy as a factor of various significance with respect to context of finding back smartphone and selecting storage places. People were satisfied to use improved privacy settings but still did not well adapt to complex personalized interfaces. Sorting methods, recommendations and establishing profiles have shown to be feasible ways to assist users to balance between full control and the additional interaction burden when adjusting privacy settings in a complex app ecosystem.

Jiaojiao Fu,Yangfan Zhou,Xin Wang

DOI: https://doi.org/10.1002/spe.2734

2019-01-01

Abstract:SummaryMost Android applications include third‐party libraries (3PLs) to make revenues, to facilitate their development, and to track user behaviors. 3PLs generally require specific permissions to realize their functionalities. Current Android systems manage permissions in app (process) granularity. As a result, the permission sets of apps with 3PLs (3PL‐apps) may be augmented, introducing overprivilege risks. In this paper, we firstly study how severe the problem is by analyzing the permission sets of 27 718 real‐world Android apps with and without 3PLs downloaded in both 2016 and 2017. We find that the usage of 3PLs and the permissions required by 3PL‐apps have increased over time. As a result, the possibility of overprivilege risks increases. We then propose Perman, a fine‐grained permission management mechanism for Android. Perman isolates the permissions of the host app and those of the 3PLs through dynamic code instrumentation. It allows users to manage permission requests of different modules of 3PL‐apps during app runtime. Unlike existing tools, Perman does not need to redesign Android apps and systems. Therefore, it can be applied to millions of existing apps and various Android devices. We conduct experiments to evaluate the effectiveness and efficiency of Perman. The experimental results verify that Perman is capable of managing permission requests of the host app and those of the 3PLs. We also confirm that the overhead introduced by Perman is comparable to that by existing commercial permission management tools.

Sarah E. Carter,Mathieu d'Aquin,Dayana Spagnuelo,Ilaria Tiddi,Kathryn Cormican,Heike Felzmann

DOI: https://doi.org/10.48550/arXiv.2308.05700

2023-08-11

Abstract:Many of us make quick decisions that affect our data privacy on our smartphones without due consideration of our values. One such decision point is establishing whether to download a smartphone app or not. In this work, we aim to better understand the relationship between our values, our privacy preferences, and our app choices, as well as explore the effectiveness of a smartphone value-centered privacy assistant (VcPA) at promoting value-centered app selection. To do this, we conducted a mixed-methods study that involved two phases. The first was an online survey of 273 smartphone user's values and privacy preferences when considering whether to download one of two apps (Lose It! and OpenLitterMap). Our results suggest that values and privacy preferences are related in an app or context-dependent manner. The second phase was testing the VcPA with 77 users in a synthetic Mock App Store setting. We established usability of a VcPA, with the VcPA helping some users more than others with selecting apps consistent with their selected value profile. Future qualitative and context-specific explorations of user perspectives could contribute to adequately capturing the specific role of values for privacy decision-making and improving the VcPA.

Cryptography and Security,Computers and Society,Human-Computer Interaction

Saad Sajid Hashmi,Nazar Waheed,Gioacchino Tangari,Muhammad Ikram,Stephen Smith

DOI: https://doi.org/10.48550/arXiv.2106.10035

2021-07-28

Abstract:Contemporary mobile applications (apps) are designed to track, use, and share users' data, often without their consent, which results in potential privacy and transparency issues. To investigate whether mobile apps have always been (non-)transparent regarding how they collect information about users, we perform a longitudinal analysis of the historical versions of 268 Android apps. These apps comprise 5,240 app releases or versions between 2008 and 2016. We detect inconsistencies between apps' behaviors and the stated use of data collection in privacy policies to reveal compliance issues. We utilize machine learning techniques for the classification of the privacy policy text to identify the purported practices that collect and/or share users' personal information, such as phone numbers and email addresses. We then uncover the data leaks of an app through static and dynamic analysis. Over time, our results show a steady increase in the number of apps' data collection practices that are undisclosed in the privacy policies. This behavior is particularly troubling since privacy policy is the primary tool for describing the app's privacy protection practices. We find that newer versions of the apps are likely to be more non-compliant than their preceding versions. The discrepancies between the purported and the actual data practices show that privacy policies are often incoherent with the apps' behaviors, thus defying the 'notice and choice' principle when users install apps.

Cryptography and Security

Sha Wu,Jiajia Liu

DOI: https://doi.org/10.1109/ICC.2019.8761572

2019-01-01

Abstract:Android applications (Apps) have penetrated almost every aspect of our lives, bring users great convenience as well as security concerns. Even though Android system adopts permission mechanism to restrict Apps from accessing important resources of a smartphone, such as telephony, camera and GPS location, users face still significant risk of privacy leakage due to the overprivileged permissions. The overprivileged permission means the extra permission declared by the App but has nothing to do with its function. Unfortunately, there doesn't exist any tool for ordinary users to detect the overprivileged permission of an App, hence most users grant any permission declared by the App, intensifying the risk of private information leakage. Although some previous studies tried to solve the problem of permission overprivilege, their methods are not applicable nowadays because of the progress of App protection technology and the update of Android system. Towards this end, we develop a user-friendly tool based on frequent item set mining for the detection of overprivileged permissions of Android Apps, which is named Droidtector. Droidtector can operate in online or offline mode and users can choose any mode according to their situation. Finally, we run Droidtector on 1000 Apps crawled from Google Play and find that 479 of them are overprivileged, accounting for about 48% of all the sample Apps.