1,211 research outputs found

    Smartphone User Privacy Preserving through Crowdsourcing

    In current Android architecture, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to avoid unnecessary private data breach. However, the majority of regular users are not technically capable or do not care to consider privacy implications to make safe decisions. To assist the technically incapable crowd, we propose a permission control framework based on crowdsourcing. At its core, our framework runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or not the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise rating algorithm using a transitional Bayesian inference model. The recommendation is based on aggregated expert responses and their confidence level. As a complete framework design of the system, this thesis also includes a solution for Android app risks estimation based on behaviour analysis. To eliminate the negative impact from dishonest app owners, we also proposed a bot user detection to make it harder to utilize false recommendations through bot users to impact the overall recommendations. This work also covers a multi-view permission notification design to customize the app safety notification interface based on users' need and an app recommendation method to suggest safe and usable alternative apps to users.

    Encouraging Privacy-Aware Smartphone App Installation: Finding out what the Technically-Adept Do

    Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of knowhow: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy

    The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps

    Third party apps that work on top of personal cloud services such as Google Drive and Dropbox, require access to the user's data in order to provide some functionality. Through detailed analysis of a hundred popular Google Drive apps from Google's Chrome store, we discover that the existing permission model is quite often misused: around two thirds of analyzed apps are over-privileged, i.e., they access more data than is needed for them to function. In this work, we analyze three different permission models that aim to discourage users from installing over-privileged apps. In experiments with 210 real users, we discover that the most successful permission model is our novel ensemble method that we call Far-reaching Insights. Far-reaching Insights inform the users about the data-driven insights that apps can make about them (e.g., their topics of interest, collaboration and activity patterns etc.) Thus, they seek to bridge the gap between what third parties can actually know about users and users perception of their privacy leakage. The efficacy of Far-reaching Insights in bridging this gap is demonstrated by our results, as Far-reaching Insights prove to be, on average, twice as effective as the current model in discouraging users from installing over-privileged apps. In an effort for promoting general privacy awareness, we deploy a publicly available privacy oriented app store that uses Far-reaching Insights. Based on the knowledge extracted from data of the store's users (over 115 gigabytes of Google Drive data from 1440 users with 662 installed apps), we also delineate the ecosystem for third-party cloud apps from the standpoint of developers and cloud providers. Finally, we present several general recommendations that can guide other future works in the area of privacy for the cloud

    Encouraging Privacy-Aware Smartphone App Installation: What Would the Technically-Adept Do

    Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of knowhow: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy

    A Privacy-Enhancing Framework for Mobile Devices

    The use of mobile devices in daily life has increased exponentially, leading to them occupying many essential aspects of people’s lives, such as replacing credit cards to make payments, and for various forms of entertainment and social activities. Therefore, users have installed an enormous number of apps. These apps can collect and share a large amount of data, such as location data, images, videos, health data, and call logs, which are highly valuable and sensitive for users. Consequently, the use of apps raises a variety of privacy concerns regarding which app is allowed to access and share; to what degree of granularity, and how to manage and limit the disclosure of this data. Accordingly, it is imperative to develop and design a holistic solution for enhancing privacy on mobile apps to meet users’ privacy preferences. The research design in this study involved an attempt to address the problem in a coherent and logical way. Therefore, the research involved different phases, starting with identifying potential user requirements based on the literature, and then designing a participatory study to explore whether the initial requirements and design meet users’ preferences, which in turn led to the design of a final artefact. Design science requires the creation of a viable artefact for the current problem in the field. Thus, this study reviews the current use of privacy technologies and critically analyses the available solutions in order to investigate whether these solutions have the capability to meet personal privacy preferences and maximise users’ satisfaction. It is evident that most of the prior studies assume the homogeneity of privacy preferences across users, yet users’ privacy preferences differ from one user to another in the context of how to control and manage their data, prioritisation of information, personalised notifications, and levels of knowledge. 
Moreover, solutions with a user interface designed according to the users’ perceptions and based on HCI principles are not readily available. Therefore, it is paramount to meet and adopt user’s need and requirements to enhance privacy technology for mobile apps. A survey of 407 mobile users was undertaken to discover users’ privacy preferences. The outcome of the survey shows that it is possible to prioritise information into 10 unique profiles. Each profile effectively represents a cluster of likeminded users and captures their privacy-related information preferences. The outcomes of the analysis also revealed that users differ not only in the context of prioritisation of their information, but also regarding design, protection settings, responses, and level of knowledge. This, in turn, emphasises the need to develop and design a holistic solution for users, considering all these dimensions. As such, the thesis proposes a novel framework for enhancing privacy technology in a modular and robust manner that would support such a system in practice. This system provides a comprehensive solution that has been developed by considering different dimensions, and it includes a personalised response, prioritisation of privacy-related information, multilevel privacy controls, and also considers users’ varying levels of knowledge. As a result, this approach should enhance users’ privacy awareness and meet their needs to protect their privacy. Additionally, the proposed of the system consists of user interfaces designed according to the users’ perceptions and based on HCI principles to overcome the usability issues without compromising the users’ convenience. Ultimately, the evaluation of the effectiveness of the proposed approach shows that it is feasible and would enhance privacy technology as well as user convenience. This, in turn, would increase trust in the system and reduce privacy concerns

    Authorization policies: Using Decision Support System for context-aware protection of user's private data

    Nowadays privacy in ambient system is a real issue. Users will have to control their data more and more in the future. Current security systems don't support a strong constraint: policy writers are non-technical users and not security experts. We propose in this paper to use Decision Support techniques and more specifically Multi-Criteria Decision Analysis in the process of authorization policy writing. This research area provides techniques to inform and assist non-technical users to write their own authorization policies following the paradigm of Attribute-Based Access Control.