Expecting the Unexpected in Security Violations in Mobile Apps
personal data. This increased access and control may raise users' perception of heightened privacy leakage and security issues. This is especially the case if users' awareness and expectations of this external access and control are not accurately recognized through proper security declarations. This proposal thus attempts to put forth an investigation on the effect of mobile users' privacy expectation disconfirmation on their continued usage intention of mobile apps sourced from app distribution stores. Drawing upon the APCO framework, security awareness literature and the expectation-disconfirmation perspective, two key types of security awareness information are identified; namely access annotation and modification annotation. It is noted that these types of information can be emphasized in app distribution stores to reduce subsequent privacy expectation disconfirmation. Hence, this study plans to examine the downstream effect of privacy expectation disconfirmation on users' continued usage intention. To operationalize this research, a laboratory experiment will be conducted
Understanding and measuring privacy violations in Android apps
Increasing data collection and tracking of consumers by today's online services is becoming a major problem for individuals' rights. It raises a serious question about whether such data collection can be legally justified under legislation around the globe. Unfortunately, the community lacks insight into such violations in the mobile ecosystem. In this dissertation, we approach these problems by presenting a line of work that provides a comprehensive understanding of privacy violations in Android apps in the wild and automatically measures such violations at scale. First, we build an automated tool that detects unexpected data access based on user perception when interacting with the apps' user interface. Subsequently, we perform a large-scale study on Android apps to understand how prevalent violations of GDPR's explicit consent requirement are in the wild. Finally, until now, no study has systematically analyzed the currently implemented consent notices and whether they conform to GDPR in mobile apps. Therefore, we propose a mostly automated and scalable approach to identify the current practices of implemented consent notices. We then develop an automatic tool that detects data sent out to the Internet with different consent conditions. Our result shows the urgent need for more transparent user interface designs to better inform users of data access and calls for new tools to support app developers in this endeavor.
Android Permissions Remystified: A Field Study on Contextual Integrity
Due to the amount of data that smartphone applications can potentially
access, platforms enforce permission systems that allow users to regulate how
applications access protected resources. If users are asked to make security
decisions too frequently and in benign situations, they may become habituated
and approve all future requests without regard for the consequences. If they
are asked to make too few security decisions, they may become concerned that
the platform is revealing too much sensitive information. To explore this
tradeoff, we instrumented the Android platform to collect data regarding how
often and under what circumstances smartphone applications are accessing
protected resources regulated by permissions. We performed a 36-person field
study to explore the notion of "contextual integrity," that is, how often are
applications accessing protected resources when users are not expecting it?
Based on our collection of 27 million data points and exit interviews with
participants, we examine the situations in which users would like the ability
to deny applications access to protected resources. We found out that at least
80% of our participants would have preferred to prevent at least one permission
request, and overall, they thought that over a third of requests were invasive
and desired a mechanism to block them.
Tethering Applications and Open Internet Rules for the Mobile Broadband: Lessons from the FCC-Verizon Settlement
This note investigates the regulation of mobile broadband using tethering applications as an example of how to apply net neutrality rules. Part II looks at the recent history of the FCC Open Internet regulations and the rapid advances in the speed, capabilities, and prevalence of mobile broadband as a primary means of Internet access. Part III discusses the 2012 settlement reached between Verizon and the FCC over Verizon's request that Google remove tethering apps from the Android Store. Following that, Part IV assesses the merits of the FCC's current approach to enforcing net neutrality policy via contractual provisions attached to the sale of blocks of the wireless spectrum at auction. Using the contrasting examples of iTether and the FCC-Verizon settlement, this note will argue that the current regulatory regime is ineffective because: (a) the FCC can only control blocking of mobile tethering apps through providers subject to wireless spectrum licensing terms (which state that licensees may not block apps); (b) in most cases, platform designers (e.g. Apple and Google), not providers, do the actual blocking by pulling tethering apps from their stores; and (c) therefore, the FCC cannot control the blocking of tethering apps in most cases.
Uncertain Terms
Health apps collect massive amounts of sensitive consumer data, including information about users' reproductive lives, mental health, and genetics. As a result, consumers in this industry may shop for privacy terms when they select a product. Yet our research reveals that many digital health tech companies reserve the right to unilaterally amend their terms of service and their privacy policies. This ability to make one-sided changes undermines the market for privacy, leaving users vulnerable. Unfortunately, the current law generally tolerates unilateral amendments, despite fairness and efficiency concerns. We therefore propose legislative, regulatory, and judicial solutions to better protect consumers of digital health tech and beyond.
Classification Models for Preventing Juvenile Crimes Committed with Malware Apps
Spectacular developments that were recorded in the field of software engineering in recent years have led to the influx of software industry with series of computer apps such as dating apps, games apps, entertainment apps, banking apps, Photoshop apps, meetings and virtual conferencing apps. Studies have shown that most computer apps are widely accessible to adults and juveniles to download and effortlessly navigate through them. However, researchers have now revealed the existence of malware apps as new groups of computer apps that are strongly competing with legitimate computer apps and the latest rates at which some juveniles can adopt them to commit crimes. These discoveries have raised serious doubts about the elements of the crimes, the circumstances that surround vulnerable children to commit the crimes and how these dilemmas are rarely buttressed by pragmatic studies over the years. This chapter adopts mixed methods to critically explore the above issues. Qualitative interviews of 60 teenagers (between the ages of 10 and 17) and 20 grown-up children (between the ages of 18 and 22) together with 5 professionals were carried out. The analysis extended the generic elements of juvenile crime and raised new legal dilemmas regarding the concepts of transfer of criminal liability, compelled (or obligated) liability, "act" that constitutes juvenile crimes and the restrictive applicability regarding criminal consent of extremely young children that are still under the tutelage and guidance of their parents.
Usability and Security in Medication Administration Applications
The traditional process of filling the medicine trays and dispensing the medicines to the patients in the hospitals is manually done by reading the printed paper medicine chart. This process can be very strenuous and error-prone, given the number of sub-tasks involved in the entire workflow and the dynamic nature of the work environment. Therefore, efforts are being made to digitalise the medication dispensation process by introducing a mobile application called Smart Dosing application. The introduction of the Smart Dosing application into hospital workflow raises security concerns and calls for security requirement analysis.
This thesis is written as a part of the smart medication management project at Embedded Systems Laboratory, Åbo Akademi University. The project aims at digitising the medicine dispensation process by integrating information from various health systems, and making them available through the Smart Dosing application. This application is intended to be used on a tablet computer which will be incorporated on the medicine tray. The smart medication management system includes the medicine tray, the tablet device, and the medicine cups with the cup holders. Introducing the Smart Dosing application should not interfere with the existing process carried out by the nurses, and it should result in minimum modifications to the tray design and the workflow. The re-designing of the tray would include integrating the device running the application into the tray in a manner that the users find it convenient and make fewer errors while using it.
The main objective of this thesis is to enhance the security of the hospital medicine dispensation process by ensuring the security of the Smart Dosing application at various levels. The method used for writing this thesis was to analyse how the tray design and the application user interface design can help prevent errors and what secure technology choices have to be made before starting the development of the next prototype of the Smart Dosing application. The thesis first understands the context of the use of the application, the end-users and their needs, and the errors made in everyday medication dispensation workflow by continuous discussions with the nursing researchers. The thesis then gains insight into the vulnerabilities, threats and risks of using mobile applications in the hospital medication dispensation process. The resulting list of security requirements was made by analysing the previously built prototype of the Smart Dosing application, continuous interactive discussions with the nursing researchers, and an exhaustive state-of-the-art study on security risks of using mobile applications in hospital context. The thesis also uses the Octave Allegro method to make the readers understand the likelihood and impact of threats, and what steps should be taken to prevent or fix them. The security requirements obtained, as a result, are a starting point for the developers of the next iteration of the prototype for the Smart Dosing application.
Client-Clinician Texting: An Expansion of the Clinical Holding Environment
While there has been a surge in the texting literature related to the innovative uses of mobile technology in clinical social work practice, there is a dearth of knowledge related to the use of texting between clients and clinicians. Regardless of a clinician's individual preference for using texting, cultural paradigm shifts in communication and interpersonal expectations will require incorporation of texting technology to meet client demands. This two-part dissertation provides a critical review of the literature that chronicles the rapid diffusion of texting into American culture and identifies its current use in psychotherapy. It demonstrates a significant gap related to its impact on the therapeutic relationship, as well as the absence of theoretical evolution to guide practice. An accompanying article expands relational theory as a way to conceptualize texting and texting behaviors in order to make responsible and purposeful decisions when integrating this technology. Composite case vignettes will demonstrate how "theoretical knowing" can be translated into "clinical doing" to address this current gap between theory and practice.