Authorizing Third-Party Applications Served through Messaging Platforms

The widespread adoption of smartphones and the new-generation wireless networks have changed the way that people interact among themselves and with their environment. The use of messaging platforms, such as WhatsApp, has become deeply ingrained in peoples’ lives, and many digital services have started to be delivered using these communication channels. In this work, we propose a new OAuth grant type to be used when the interaction between the resource owner and the client takes place through a messaging platform. This new grant type firstly allows the authorization server to be sure that no Man-in-the-Middle risk exists between the resource owner and the client before issuing an access token. Secondly, it allows the authorization server to interact with the resource owner through the same user-agent already being used to interact with the client, i.e., the messaging platform, which is expected to improve the overall user experience of the authorization process. To verify this assumption, we conducted a usability study in which subjects were required to perform the full authorization process using both the standard authorization code grant type (through a web-browser) and the new grant type defined in this work. They have also been required to fill in a small questionnaire including some demographic information and their impressions about both authorization flows. The results suggest that the proposed grant type eases the authorization process in most cases

Integrating Third-party Applications and Information Systems Into the World Wide Web

In this paper we propose a conceptual architecture that integrates with both third-party applications and information systems. We believe that integrating information systems with the Web will go a long way toward making information systems more understandable. We also believe that integrating third-party applications with the Web will lessen the problem that users have to discard applications they use everyday to navigate and publish in the cyberspace

A modular software architecture for UAVs

There have been several attempts to create scalable and hardware independent software architectures for Unmanned Aerial Vehicles (UAV). In this work, we propose an onboard architecture for UAVs where hardware abstraction, data storage and communication between modules are efficiently maintained. All processing and software development is done on the UAV while state and mission status of the UAV is monitored from a ground station. The architecture also allows rapid development of mission-specific third party applications on the vehicle with the help of the core module

Provision of overcoming the weakness of OAuth 2.0 protocol in online social networking

The Open Authorization Protocol (OAuth 2.0) was introduced to provide secure and efficient method for providing authorization to the third party applications without sharing user’s credentials. Major social internet players like Facebook, Google and Twitter implement their API’s based on this protocol for enhancing the user experience of social sharing and sign-on. However OAuth doesn’t provides the necessary fine-grained access control or any suggestions. We have proposed an enhancement to the OAuth 2.0 authorization which will provide provision of fine grained authorization suggestions to the users while granting permission to the third party applications in online social networking. Our multi criteria suggestion based model method will utilizes user-based, application based, category-based combination filtering systems. Our category-based combination filtering system is based on decision made by the previous users and the application based permission requests for enhancing the user’s privacy control. We have provided a provision for strengthening the OAuth 2.0 protocol in online social networking websites by proposing OAuth 2.0 extension as a browser based extension which allows various users to compose their privacy settings at the time of installing third party applications. DOI: 10.17762/ijritcc2321-8169.150316

A Look into User Privacy and Third-Party Applications in Facebook

Purpose A huge amount of personal and sensitive data are shared on Facebook, which makes it a prime target for attackers. Adversaries can exploit third-party applications connected to a user’s Facebook profiles (i.e. Facebook apps) to gain access to this personal information. Users’ lack of knowledge and the varying privacy policies of these apps make them further vulnerable to information leakage. However, little has been done to identify mismatches between users’ perceptions and the privacy policies of Facebook apps. This paper aims to address this challenge in the work. Design/methodology/approach The authors conducted a lab study with 31 participants, where the authors received data on how they share information on Facebook, their Facebook-related security and privacy practices and their perceptions on the privacy aspects of 65 frequently-used Facebook apps in terms of data collection, sharing and deletion. The authors then compared participants’ perceptions with the privacy policy of each reported app. Participants also reported their expectations about the types of information that should not be collected or shared by any Facebook app. Findings The analysis reveals significant mismatches between users’ privacy perceptions and reality (i.e. privacy policies of Facebook apps), where the authors identified over-optimism not only in users’ perceptions of information collection but also in their self-efficacy in protecting their information in Facebook despite experiencing negative incidents in the past. Originality/value To the best of the knowledge, this is the first study on the gap between users’ privacy perceptions around Facebook apps and reality. The findings from this study offer direction for future research to address that gap through designing usable, effective and personalized privacy notices to help users to make informed decisions about using Facebook apps

Developing an API to Supply Third-party Applications with Environmental Data

In healthcare, weather-sensitivity and the effect of environmental factors on various diseases were subject to extensive research in the last decades. Mostly without discovering statistically significant relationships between diseases and environmental parameters. This is often attributed to a lack of scale for existing studies. Currently, there are no openly available solutions that can support surveys in this regard.Such solutions should be easy to integrate with an existing study platform. In turn, environmental data needs to be fetched for multiple users. This fact led to studies restricting participants in terms of their location or other factors. Consequently, this also meant, that the size of the studies was limited due to the placed constraints. Through the advance of technology, it is now possible to easily retrieve additional information from participants via their mobile smart devices which can be used to fetch various other types of data. These circumstances led to the creation of an environmental data API described in this thesis. It provides functionality to retrieve environmental data from various data sources for a given tuple of latitude, longitude, and timestamp. The API facilitates adding new data sources by simply extending the provided examples. There are no restrictions in terms of spatial or temporal resolution or even source of the data. The resulting API fetches environmental data from multiple sources. It also facilitates obtaining data from other data sources and querying by researchers - including options to filter the data by various parameters. Finally, the API also supports converting between different units

PRIVACY ISSUES IN ONLINE SOCIAL NETWORKS: USER BEHAVIORS AND THIRD-PARTY APPLICATIONS

In contemporary society, social networking websites has developed dramatically and became an indispensable component in our daily life. Since it can help create a more feature-rich online social community, third-party service has been widely adopted in online social networks (OSNs). Integrating these third-party sites and applications has not only extended business of both social network server and third party and but also promises to break down the garden walls of social-networking sites. While at the same time it dramatically raises concerns on privacy leakage. This article mainly focuses on the privacy disclosure issues caused by user’s behavior and third-party applications and websites. On the one hand, because of the diversity of usage behaviors, the revelation of personal information varies significantly. A survey is conducted to present empirical and quantitative result. On the other hand, the access mechanism between OSN and third party is not perfect enough. Besides, it could be a potential source of privacy leak that third-party services sometimes act as advertisers and information aggregators of a user\u27s traversals. The relevant reasons and internal and external threats are presented. Finally, possible solutions to reduce the increasing information disclosure are provided. Actions should be taken along three fronts: the government, the users themselves as well as the third parties

IPhone Securtity Analysis

The release of Apple’s iPhone was one of the most intensively publicized product releases in the history of mobile devices. While the iPhone wowed users with its exciting design and features, it also outraged many for not allowing installation of third party applications and for working exclusively with AT&T wireless services for the first two years. Software attacks have been developed to get around both limitations. The development of those attacks and further evaluation revealed several vulnerabilities in iPhone security. In this paper, we examine several of the attacks developed for the iPhone as a way of investigating the iPhone’s security structure. We also analyze the security holes that have been discovered and make suggestions for improving iPhone security