Publications (10 of 44)
Momen, N. & Fritsch, L. (2020). App-generated digital identities extracted through Android permission-based data access - a survey of app privacy. In: Gesellschaft fur Informatik. Paper presented at Sicherheit 2020 (pp. 15-28).
2020 (English). In: Gesellschaft fur Informatik, 2020, p. 15-28. Conference paper (Refereed)
Abstract [en]

Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.

Keywords
Privacy; Android; Apps; Identification; Digital Identity; Survey and Permissions
National Category
Computer Sciences; Information Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-77345 (URN); 10.18420/sicherheit2020_01 (DOI); 978-3-88579-695-4 (ISBN)
Conference
Sicherheit 2020
Projects
Ars Forensica
Note

Conference cancelled, but contribution published

Available from: 2020-03-24 Created: 2020-03-24 Last updated: 2020-03-24
Hatamian, M., Momen, N., Fritsch, L. & Rannenberg, K. (2019). A Multilateral Privacy Impact Analysis Method for Android Apps. In: M. Naldi, G. F. Italiano, K. Rannenberg, M. Medina & A. Bourka (Ed.), Privacy Technologies and Policy. Paper presented at Annual Privacy Forum 2019, Rome, Italy, June 13-14 (pp. 87-106). Cham: Springer, 11498
2019 (English). In: Privacy Technologies and Policy / [ed] M. Naldi, G. F. Italiano, K. Rannenberg, M. Medina & A. Bourka, Cham: Springer, 2019, Vol. 11498, p. 87-106. Conference paper, Published paper (Refereed)
Abstract [en]

Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.

Place, publisher, year, edition, pages
Cham: Springer, 2019
Series
Lecture Notes in Computer Science, LNCS, ISSN 0302-9743, E-ISSN 1611-3349 ; 11498
Keywords
Smartphone apps, Case study, Security, Privacy, Android, Privacy policy, Reviews, Privacy impact, Privacy score and ranking, Privacy risk, Transparency
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-72432 (URN); 10.1007/978-3-030-21752-5_7 (DOI); 2-s2.0-85067825202 (Scopus ID); 978-3-030-21751-8 (ISBN); 978-3-030-21752-5 (ISBN)
Conference
Annual Privacy Forum 2019, Rome, Italy, June 13-14
Projects
Excellenta miljön, 8730; Alert, 5617; Privacy & Us, 4961
Available from: 2019-06-12 Created: 2019-06-12 Last updated: 2019-11-11 Bibliographically approved
Momen, N., Hatamian, M. & Fritsch, L. (2019). Did App Privacy Improve After the GDPR? IEEE Security and Privacy, 17(6), 10-20
2019 (English). In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 17, no 6, p. 10-20. Article in journal (Refereed) Published
Abstract [en]

In this article, we present an analysis of app behavior before and after the regulatory change in data protection in Europe. Our data shows that app privacy has moderately improved after the implementation of the General Data Protection Regulation.

In May 2018, stronger regulation of the processing of personal data became law in the European Union, known as the General Data Protection Regulation (GDPR) [1]. The expected effect of the regulation was better protection of personal data, increased transparency of collection and processing, and stronger intervention rights of data subjects, with some authors claiming that the GDPR would change the world, or at least that of data protection regulation [2]. The GDPR had a two-year (2016–2018) implementation period that followed four years of preparation. At the time of this writing, in November 2019, one and one-half years have passed since the implementation of GDPR.

Has the GDPR had an effect on consumer software? Has the world of code changed too? Did the GDPR have a measurable effect on mobile apps’ behavior? How should such a change in behavior be measured?

In our study, we decided to use two indicators for measurement: Android dangerous permission [16] privileges and user feedback from the Google Play app market. We collected data from smartphones with an installed app set for months before GDPR implementation on 25 May 2018 and months after that date.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
privacy, gdpr, apps, smartphones, personal data access, survey
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-75508 (URN); 10.1109/MSEC.2019.2938445 (DOI); 000494416500003 ()
Projects
Alert; Privacy&Us
Available from: 2019-11-03 Created: 2019-11-03 Last updated: 2019-12-12 Bibliographically approved
Colesky, M., Demetzou, K., Fritsch, L. & Herold, S. (2019). Helping Software Architects Familiarize with the General Data Protection Regulation. In: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C). Paper presented at IEEE International Conference on Software Architecture, ICSA 2019, Hamburg, Germany (pp. 226-229). IEEE
2019 (Swedish). In: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), IEEE, 2019, p. 226-229. Conference paper, Published paper (Refereed)
Abstract [en]

The General Data Protection Regulation (GDPR) impacts any information systems that process personal data in or from the European Union. Yet its enforcement is still recent. Organizations under its effect are slow to adopt its principles. One particular difficulty is the low familiarity with the regulation among software architects and designers. The difficulty to interpret the content of the legal regulation at a technical level adds to that. This results in problems in understanding the impact and consequences that the regulation may have in detail for a particular system or project context. In this paper we present some early work and emerging results related to supporting software architects in this situation. Specifically, we target those who need to understand how the GDPR might impact their design decisions. In the spirit of architectural tactics and patterns, we systematically identified and categorized 155 forces in the regulation. These results form the conceptual base for a first prototypical tool. It enables software architects to identify the relevant forces by guiding them through an online questionnaire. This leads them to relevant fragments of the GDPR and potentially relevant privacy patterns. We argue that this approach may help software professionals, in particular architects, familiarize with the GDPR and outline potential paths for evaluation.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
software architecture; data privacy; decision support systems; design decisions
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-71838 (URN); 10.1109/ICSA-C.2019.00046 (DOI); 978-1-7281-1877-2 (ISBN); 978-1-7281-1876-5 (ISBN)
Conference
IEEE International Conference on Software Architecture, ICSA 2019, Hamburg, Germany
Available from: 2019-04-15 Created: 2019-04-15 Last updated: 2019-12-11 Bibliographically approved
Fritsch, L. & Fischer-Hübner, S. (2019). Implications of Privacy & Security Research for the Upcoming Battlefield of Things. Journal of Information Warfare, 17(4), 72-87
2019 (English). In: Journal of Information Warfare, ISSN 1445-3312, Vol. 17, no 4, p. 72-87. Article in journal (Refereed) Published
Abstract [en]

This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a ‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. Based on this scenario, the authors discuss current research in information security and information privacy and their relevance and applicability for the future scenario.

Place, publisher, year, edition, pages
Peregrine Technical Solutions, LLC, 2019
Keywords
Internet of Things, Autonomous Systems, Digital Warfare, Transfer of Research, Information Privacy, Information Security, Trend Scouting, Cyberwar, Cybersecurity, Weaponisation of Smart Systems
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-71893 (URN)
Projects
Totalförsvarets forskningsinstitut, FOI
Available from: 2019-04-24 Created: 2019-04-24 Last updated: 2019-05-08 Bibliographically approved
Fischer-Hübner, S., Martucci, L., Fritsch, L., Pulls, T., Herold, S., Iwaya, L. H., . . . Albin, Z. (2018). A MOOC on Privacy by Design and the GDPR. In: Lynette Drevin, Marianthi Theocharidou (Ed.), Information Security Education: Towards a Cybersecure Society. Paper presented at 11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings (pp. 95-107). Cham, Switzerland: Springer
2018 (English). In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we describe how we designed a massive open online course (MOOC) on Privacy by Design with a focus on how to achieve compliance with the EU GDPR principles and requirements in IT engineering and management. This MOOC aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The MOOC is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the GDPR that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant MOOC on privacy by design and the GDPR aimed at a heterogeneous audience.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2018
Series
IFIP Advances in Information Technology (AICT) ; 531
Keywords
privacy, teaching, mooc, course design
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69413 (URN); 10.1007/978-3-319-99734-6_8 (DOI); 978-3-319-99734-6 (ISBN)
Conference
11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings
Projects
WISR
Funder
Knowledge Foundation, NU16
Available from: 2018-09-27 Created: 2018-09-27 Last updated: 2019-12-04 Bibliographically approved
Fritsch, L. & Fischer-Hübner, S. (2018). Applications of Privacy and Security Research in the Upcoming Battlefield of Things. In: Audun Jøsang (Ed.), Proceedings of the 17th European Conference on Cyber Warfare and Security. Paper presented at The 17th European Conference on Cyber Warfare and Security. Reading: Academic Conferences and Publishing International Limited
2018 (English). In: Proceedings of the 17th European Conference on Cyber Warfare and Security / [ed] Audun Jøsang, Reading: Academic Conferences and Publishing International Limited, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.

Place, publisher, year, edition, pages
Reading: Academic Conferences and Publishing International Limited, 2018
Keywords
internet of things, autonomous systems, digital warfare, transfer of research, information privacy, information security, trend scouting, cyberwar, cybersecurity, weaponization of smart systems
National Category
Information Systems; Human Computer Interaction; Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-68386 (URN); 978-1-911218-85-2 (ISBN); 978-1-911218-86-9 (ISBN)
Conference
The 17th European Conference on Cyber Warfare and Security
Available from: 2018-07-04 Created: 2018-07-04 Last updated: 2018-07-05 Bibliographically approved
Fritsch, L. (2018). How Big Data Helps SDN with data Protection and Privacy. In: Javid Taheri (Ed.), Big Data and Software Defined Networks (pp. 339-351). London, UK: Institution of Engineering and Technology
2018 (English). In: Big Data and Software Defined Networks / [ed] Javid Taheri, London, UK: Institution of Engineering and Technology, 2018, p. 339-351. Chapter in book (Refereed)
Place, publisher, year, edition, pages
London, UK: Institution of Engineering and Technology, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-66469 (URN); 978-1-78561-304-3 (ISBN)
Projects
Ars Forensica, 5123
Available from: 2018-02-23 Created: 2018-02-23 Last updated: 2019-11-07 Bibliographically approved
Fritsch, L., Tjostheim, I. & Kitkowska, A. (2018). I’m Not That Old Yet! The Elderly and Us in HCI and Assistive Technology. In: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018. Paper presented at 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI), September 3rd - 6th, 2018 Barcelona, Spain. Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth
2018 (English). In: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018, Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth, 2018. Conference paper, Published paper (Other academic)
Abstract [en]

Recent HCI research in information security and privacy focuses on the Elderly. It aims at the provision of inclusive, Elderly-friendly interfaces for security and data protection features. Much attention is put on care situations where the image of the Elderly is that of sick or disabled persons not mastering contemporary information technology. That population is however a fraction of the group called the Elderly. In this position paper, we argue that the Elderly are a very diverse population. We discuss issues rising from researchers and software architects’ misconception of the Elderly as technology-illiterate and unable. We suggest a more nuanced approach that includes changing personal abilities over the course of life.

Place, publisher, year, edition, pages
Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth, 2018
Keywords
elderly, HCI, design, avatars, misconception
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-68974 (URN)
Conference
20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI), September 3rd - 6th, 2018 Barcelona, Spain.
Funder
The Research Council of Norway, 270969
Available from: 2018-09-03 Created: 2018-09-03 Last updated: 2019-07-11 Bibliographically approved
Tjostheim, I. & Fritsch, L. (2018). Similar Information Privacy Behavior in 60-65s vs. 50-59ers - Findings From A European Survey on The Elderly. In: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018; September 3, 2018, Barcelona, Spain. Paper presented at 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018; September 3, 2018, Barcelona, Spain. Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth
2018 (English). In: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018; September 3, 2018, Barcelona, Spain, Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth, 2018. Conference paper, Published paper (Other academic)
Abstract [en]

In this article, we present findings from a European survey with 10 countries on the subject sharing of personal information and concerns of the citizens. We compare the age group 60-65 years old with the age group 50-59, and in addition compare the Nordic region with the non-nordic population. There are more similarities than differences. The survey indicates that many of the elderly 60-65 take steps to protect their personal data.

Place, publisher, year, edition, pages
Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth, 2018
Keywords
age, attitudes, technology, data sharing
National Category
Human Computer Interaction; Computer Engineering
Research subject
Computer Science; Psychology
Identifiers
urn:nbn:se:kau:diva-68975 (URN)
Conference
20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018; September 3, 2018, Barcelona, Spain
Projects
ALERT
Funder
The Research Council of Norway, 270969
Available from: 2018-09-03 Created: 2018-09-03 Last updated: 2019-07-11 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-0418-4121