Android permissions demystified
- In CCS’11
Cited by 211 (12 self)
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing
- In UbiComp, 2012
Cited by 51 (12 self)
Smartphone security research has produced many useful tools to analyze the privacy-related behaviors of mobile apps. However, these automated tools cannot assess people’s perceptions of whether a given action is legitimate, or how that action makes them feel with respect to privacy. For example, automated tools might detect that a blackjack game and a map app both use one’s location information, but people would likely view the map’s use of that data as more legitimate than the game. Our work introduces a new model for privacy, namely privacy as expectations. We report on the results of using crowdsourcing to capture users’ expectations of what sensitive resources mobile apps use. We also report on a new privacy summary interface that prioritizes and highlights places where mobile apps break people’s expectations. We conclude with a discussion of implications for employing crowdsourcing as a privacy evaluation technique.
A Conundrum of Permissions: Installing Applications on an Android Smartphone
Cited by 37 (10 self)
Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the security of their device and whether or not they are willing to share their information with the application, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determine whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications. In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.
Using probabilistic generative models for ranking risks of android apps
- In ACM CCS, 2012
Cited by 35 (0 self)
One of Android’s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
Don’t kill my ads! Balancing Privacy in an Ad-Supported Mobile Application Market
Cited by 22 (0 self)
Application markets have revolutionized the software download model of mobile phones: third-party application developers offer software on the market that users can effortlessly install on their phones. This great step forward, however, also imposes some threats to user privacy: applications often ask for permissions that reveal private information such as the user’s location, contacts and messages. While some mechanisms to prevent leaks of user privacy to applications have been proposed by the research community, these solutions fail to consider that application markets are primarily driven by advertisements that rely on accurately profiling the user. In this paper we take into account that there are two parties with conflicting interests: the user, interested in maintaining their privacy and the developer who would like to maximize their advertisement revenue through user profiling. We have conducted an extensive analysis of more than 250,000 applications in the Android market. Our results indicate that the current privacy protection mechanisms are not effective as developers and advert companies are not deterred. Therefore, we designed and implemented a market-aware privacy protection framework that aims to achieve an equilibrium between the developer’s revenue and the user’s privacy. The proposed framework is based on the establishment of a feedback control loop that adjusts the level of privacy protection on mobile phones, in response to advertisement generated revenue.
Privacy as Part of the App Decision-Making Process
Cited by 21 (9 self)
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have only the Android permissions display, which appears after they have selected an app to download, to help them understand how applications access their information. We investigate how permissions and privacy could play a more active role in app-selection decisions. We designed a short “Privacy Facts” display, which we tested in a 20-participant lab study and a 366-participant online experiment. We found that by bringing privacy information to the user when they were making the decision and by presenting it in a clearer fashion, we could assist users in choosing applications that request fewer permissions.
Update Behavior in App Markets and Security Implications: A Case Study in Google Play
- In Proc. of the 3rd Intl. Workshop on Research in the Large. Held in Conjunction with Mobile HCI, 2012
Cited by 12 (8 self)
Digital market places (e.g. Apple App Store, Google Play) have become the dominant platforms for the distribution of software for mobile phones. Thereby, developers can reach millions of users. However, neither of these market places today has mechanisms in place to enforce security critical updates of distributed apps. This paper investigates this problem by gaining insights on the correlation between published updates and actual installations of those. Our findings show that almost half of all users would use a vulnerable app version even 7 days after the fix has been published. We discuss our results and give initial recommendations to app developers.
Author Keywords: Mobile applications; digital market places; update behavior; security
ACM Classification Keywords: D.4.6. Operating Systems: Security and Protection
The impact of vendor customizations on Android security
- In ACM conference on Computer and communications security (CCS ’13), 2013
Cited by 11 (0 self)
The smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; as an open platform, smartphone manufacturers are free to extend and modify it, allowing them to differentiate themselves from their competitors. However, vendor customizations will inherently impact overall Android security and such impact is still largely unknown. In this paper, we analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our goal is to assess the extent of security issues that may be introduced from vendor customizations and further determine how the situation is evolving over time. In particular, we take a three-stage process: First, given a smartphone’s stock image, we perform provenance analysis to classify each app in the
Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications
Cited by 10 (0 self)
Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.
User-Aware Privacy Control via Extended Static-Information-Flow Analysis
Cited by 9 (2 self)
Applications in mobile-marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware privacy control approach, which reveals how private information is used inside applications. We compute static information flows and classify them as safe/unsafe based on a tamper analysis that tracks whether private data is obscured before escaping through output channels. This flow information enables platforms to provide default settings that expose private data only for safe flows, thereby preserving privacy and minimizing decisions required from users. We built our approach into TouchDevelop, an application-creation environment that allows users to write scripts on mobile devices and install scripts published by other users. We evaluate our approach by studying 546 scripts published by 194 users.