Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
How much Privilege does an App Need? Investigating Resource Usage of Android Apps
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security, PriSec)ORCID-id: 0000-0002-5235-5335
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security, PRISEC)ORCID-id: 0000-0001-6459-8409
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Privacy and Security, PRISEC)ORCID-id: 0000-0002-0418-4121
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).ORCID-id: 0000-0003-0778-4736
2017 (engelsk)Inngår i: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings), IEEE, 2017Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision- making and finer access control mechanisms. 

sted, utgiver, år, opplag, sider
IEEE, 2017.
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
URN: urn:nbn:se:kau:diva-65605DOI: 10.1109/PST.2017.00039ISI: 000447643500028ISBN: 978-1-5386-2487-6 (tryckt)ISBN: 978-1-5386-2488-3 (digital)OAI: oai:DiVA.org:kau-65605DiVA, id: diva2:1174212
Konferanse
The Fifteenth International Conference on Privacy, Security and Trust – PST 2017. August 28-30, 2017 Calgary, Alberta, Canada
Tilgjengelig fra: 2018-01-15 Laget: 2018-01-15 Sist oppdatert: 2020-08-11bibliografisk kontrollert
Inngår i avhandling
1. Towards Measuring Apps' Privacy-Friendliness
Åpne denne publikasjonen i ny fane eller vindu >>Towards Measuring Apps' Privacy-Friendliness
2018 (engelsk)Licentiatavhandling, med artikler (Annet vitenskapelig)
Abstract [en]

Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. Poor means to observe and to assess the consequences of data disclosure causes hindrance for the user to be aware of and to take preventive measures.

Mobile operating systems use permission-based access control mechanism to guard system resources and sensors. Depending on the type, apps require explicit consent from the user in order to avail access to those permissions. Nonetheless, it does not put any constraint on access frequency. Granted privileges allow apps to access to users' personal information for indefinite period of time until being revoked explicitly. Available control tools lack monitoring facility which undermines the performance of access control model. It has the ability to create privacy risks and nontransparent handling of personal information for the data subject.

This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the risks with experiment results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.

Abstract [en]

Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. They face hindrance to be aware of and to take preventive measures because of poor means to observe and to assess consequences of data disclosure. Available control tools lack monitoring properties that do not allow the user to comprehend the magnitude of personal data access. Such circumstances can create privacy risks, erode intervenability of access control mechanism and lead to opaque handling of personal information for the data subject.

This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the data disclosure risks with experimental results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.

sted, utgiver, år, opplag, sider
Karlstad: Karlstads universitet, 2018. s. 27
Serie
Karlstad University Studies, ISSN 1403-8099 ; 2018:31
Emneord
Mobile OS, Apps, User data, Transparency, Privacy
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-68569 (URN)978-91-7063-864-0 (ISBN)978-91-7063-959-3 (ISBN)
Presentation
2018-09-07, 1D 222, Universitetsgatan 2, Karlstad, 10:15 (engelsk)
Opponent
Veileder
Tilgjengelig fra: 2018-08-17 Laget: 2018-07-23 Sist oppdatert: 2019-07-11bibliografisk kontrollert
2. Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
Åpne denne publikasjonen i ny fane eller vindu >>Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
2020 (engelsk)Doktoravhandling, med artikler (Annet vitenskapelig)
Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.

Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services.

sted, utgiver, år, opplag, sider
Karlstads universitet, 2020. s. 218
Serie
Karlstad University Studies, ISSN 1403-8099 ; 2020:24
Emneord
Mobile Apps, User data, Transparency, Privacy, Data protection
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-79308 (URN)978-91-7867-132-8 (ISBN)978-91-7867-137-3 (ISBN)
Disputas
2020-10-09, 9C203, Universitetsgatan 2, Karlstad, 09:15 (engelsk)
Opponent
Veileder
Tilgjengelig fra: 2020-09-09 Laget: 2020-08-11 Sist oppdatert: 2020-09-09bibliografisk kontrollert

Open Access i DiVA

Fulltekst mangler i DiVA

Andre lenker

Forlagets fulltekstFull textIEEE fulltext

Person

Momen, NurulPulls, TobiasFritsch, LotharLindskog, Stefan

Søk i DiVA

Av forfatter/redaktør
Momen, NurulPulls, TobiasFritsch, LotharLindskog, Stefan
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric

doi
isbn
urn-nbn
Totalt: 576 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf