Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
A Multilateral Privacy Impact Analysis Method for Android Apps
Goethe University Frankfurt, Germany.
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Prisec, Privacy and Security)ORCID-id: 0000-0002-5235-5335
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (Prisec, Privacy and Security)ORCID-id: 0000-0002-0418-4121
Goethe University Frankfurt, Germany.
2019 (engelsk)Inngår i: Privacy Technologies and Policy / [ed] M. Naldi, G. F. Italiano, K. Rannenberg, M. Medina & A. Bourka, Cham: Springer, 2019, Vol. 11498, s. 87-106Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.

sted, utgiver, år, opplag, sider
Cham: Springer, 2019. Vol. 11498, s. 87-106
Serie
Lecture Notes in Computer Science, LNCS, ISSN 0302-9743, E-ISSN 1611-3349 ; 11498
Emneord [en]
Smartphone apps, Case study, Security, Privacy, Android, Privacy policy, Reviews, Privacy impact, Privacy score and ranking, Privacy risk, Transparency
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
URN: urn:nbn:se:kau:diva-72432DOI: 10.1007/978-3-030-21752-5_7ISI: 000561013800007Scopus ID: 2-s2.0-85067825202ISBN: 978-3-030-21751-8 (tryckt)ISBN: 978-3-030-21752-5 (digital)OAI: oai:DiVA.org:kau-72432DiVA, id: diva2:1323331
Konferanse
Annual Privacy Forum 2019, Rome, Italy, June 13-14
Prosjekter
Excellenta miljön, 8730Alert, 5617Privacy & Us, 4961Tilgjengelig fra: 2019-06-12 Laget: 2019-06-12 Sist oppdatert: 2020-09-24bibliografisk kontrollert
Inngår i avhandling
1. Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
Åpne denne publikasjonen i ny fane eller vindu >>Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
2020 (engelsk)Doktoravhandling, med artikler (Annet vitenskapelig)
Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.

Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services.

sted, utgiver, år, opplag, sider
Karlstads universitet, 2020. s. 218
Serie
Karlstad University Studies, ISSN 1403-8099 ; 2020:24
Emneord
Mobile Apps, User data, Transparency, Privacy, Data protection
HSV kategori
Forskningsprogram
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-79308 (URN)978-91-7867-132-8 (ISBN)978-91-7867-137-3 (ISBN)
Disputas
2020-10-09, 9C203, Universitetsgatan 2, Karlstad, 09:15 (engelsk)
Opponent
Veileder
Tilgjengelig fra: 2020-09-09 Laget: 2020-08-11 Sist oppdatert: 2020-09-09bibliografisk kontrollert

Open Access i DiVA

Fulltekst mangler i DiVA

Andre lenker

Forlagets fulltekstScopus

Person

Momen, NurulFritsch, Lothar

Søk i DiVA

Av forfatter/redaktør
Momen, NurulFritsch, Lothar
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric

doi
isbn
urn-nbn
Totalt: 10769 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf