3,772 research outputs found
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
Current smartphone operating systems regulate application permissions by
prompting users on an ask-on-first-use basis. Prior research has shown that
this method is ineffective because it fails to account for context: the
circumstances under which an application first requests access to data may be
vastly different than the circumstances under which it subsequently requests
access. We performed a longitudinal 131-person field study to analyze the
contextuality behind user privacy decisions to regulate access to sensitive
resources. We built a classifier to make privacy decisions on the user's behalf
by detecting when context has changed and, when necessary, inferring privacy
preferences based on the user's past decisions and behavior. Our goal is to
automatically grant appropriate resource requests without further user
intervention, deny inappropriate requests, and only prompt the user when the
system is uncertain of the user's preferences. We show that our approach can
accurately predict users' privacy decisions 96.8% of the time, which is a
four-fold reduction in error rate compared to current systems.Comment: 17 pages, 4 figure
After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance
Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem
AdSplit: Separating smartphone advertising from applications
A wide variety of smartphone applications today rely on third-party
advertising services, which provide libraries that are linked into the hosting
application. This situation is undesirable for both the application author and
the advertiser. Advertising libraries require additional permissions, resulting
in additional permission requests to users. Likewise, a malicious application
could simulate the behavior of the advertising library, forging the user's
interaction and effectively stealing money from the advertiser. This paper
describes AdSplit, where we extended Android to allow an application and its
advertising to run as separate processes, under separate user-ids, eliminating
the need for applications to request permissions on behalf of their advertising
libraries.
We also leverage mechanisms from Quire to allow the remote server to validate
the authenticity of client-side behavior. In this paper, we quantify the degree
of permission bloat caused by advertising, with a study of thousands of
downloaded apps. AdSplit automatically recompiles apps to extract their ad
services, and we measure minimal runtime overhead. We also observe that most ad
libraries just embed an HTML widget within and describe how AdSplit can be
designed with this in mind to avoid any need for ads to have native code
The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions
One of the great innovations of the modern world is the Smartphone app. The sheer multitude of available apps attests to their popularity and general ability to satisfy our wants and needs. The flip side of the functionality these apps offer is their potential for privacy invasion. Apps can, if granted permission, gather a vast amount of very personal and sensitive information. App developers might exploit the combination of human propensities and the design of the Android permission-granting interface to gain permission to access more information than they really need. This compromises personal privacy. The fact that the Android is the globally dominant phone means widespread privacy invasion is a real concern.
We, and other researchers, have proposed alternatives to the Android permission-granting interface. The aim of these alternatives is to highlight privacy considerations more effectively during app installation: to ensure that privacy becomes part of the decision-making process. We report here on a study with 344 participants that compared the impact of a number of permission-granting interface proposals, including our own (called the COPING interface — COmprehensive PermIssioN Granting) and two Android interfaces. To conduct the comparison we carried out an online study with a mixed-model design.
Our main finding is that the focus in these interfaces ought to be on improving the quality of the provided information rather than merely simplifying the interface. The intuitive approach is to reduce and simplify information, but we discovered that this actually impairs the quality of the decision. Our recommendation is that further investigation is required in order to find the “sweet spot” where understandability and comprehensiveness are maximised
Third Party Tracking in the Mobile Ecosystem
Third party tracking allows companies to identify users and track their
behaviour across multiple digital services. This paper presents an empirical
study of the prevalence of third-party trackers on 959,000 apps from the US and
UK Google Play stores. We find that most apps contain third party tracking, and
the distribution of trackers is long-tailed with several highly dominant
trackers accounting for a large portion of the coverage. The extent of tracking
also differs between categories of apps; in particular, news apps and apps
targeted at children appear to be amongst the worst in terms of the number of
third party trackers associated with them. Third party tracking is also
revealed to be a highly trans-national phenomenon, with many trackers operating
in jurisdictions outside the EU. Based on these findings, we draw out some
significant legal compliance challenges facing the tracking industry.Comment: Corrected missing company info (Linkedin owned by Microsoft). Figures
for Microsoft and Linkedin re-calculated and added to Table
Quire: Lightweight Provenance for Smart Phone Operating Systems
Smartphone apps often run with full privileges to access the network and
sensitive local resources, making it difficult for remote systems to have any
trust in the provenance of network connections they receive. Even within the
phone, different apps with different privileges can communicate with one
another, allowing one app to trick another into improperly exercising its
privileges (a Confused Deputy attack). In Quire, we engineered two new security
mechanisms into Android to address these issues. First, we track the call chain
of IPCs, allowing an app the choice of operating with the diminished privileges
of its callers or to act explicitly on its own behalf. Second, a lightweight
signature scheme allows any app to create a signed statement that can be
verified anywhere inside the phone. Both of these mechanisms are reflected in
network RPCs, allowing remote systems visibility into the state of the phone
when an RPC is made. We demonstrate the usefulness of Quire with two example
applications. We built an advertising service, running distinctly from the app
which wants to display ads, which can validate clicks passed to it from its
host. We also built a payment service, allowing an app to issue a request which
the payment service validates with the user. An app cannot not forge a payment
request by directly connecting to the remote server, nor can the local payment
service tamper with the request
- …