Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
App-generated digital identities extracted through Androidpermission-based data access - a survey of app privacy
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Prisec, Privacy and security)ORCID iD: 0000-0002-5235-5335
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Prisec, Privacy and security)ORCID iD: 0000-0002-0418-4121
2020 (English)In: Sicherheit 2020 / [ed] Reinhardt, D.; Langweg, H.; Witt, B. C; Fischer, M, Gesellschaft für Informatik, 2020, p. 15-28Conference paper, Published paper (Refereed)
Abstract [en]

Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.

Place, publisher, year, edition, pages
Gesellschaft für Informatik, 2020. p. 15-28
Keywords [en]
Privacy; Android; Apps; IdentiĄcation; Digital Identity; Survey and Permissions
National Category
Computer Sciences Information Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-77345DOI: 10.18420/sicherheit2020_01ISBN: 978-3-88579-695-4 (electronic)OAI: oai:DiVA.org:kau-77345DiVA, id: diva2:1416473
Conference
INFORMATIK 2020 - Back to the Future
Projects
Ars Forencia
Note

Konferensen inställd, men bidrag publicerat

Available from: 2020-03-24 Created: 2020-03-24 Last updated: 2021-03-11Bibliographically approved
In thesis
1. Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
Open this publication in new window or tab >>Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.

Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 218
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:24
Keywords
Mobile Apps, User data, Transparency, Privacy, Data protection
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-79308 (URN)978-91-7867-132-8 (ISBN)978-91-7867-137-3 (ISBN)
Public defence
2020-10-09, 9C203, Universitetsgatan 2, Karlstad, 09:15 (English)
Opponent
Supervisors
Available from: 2020-09-09 Created: 2020-08-11 Last updated: 2020-09-09Bibliographically approved

Open Access in DiVA

fulltext(1028 kB)76 downloads
File information
File name FULLTEXT01.pdfFile size 1028 kBChecksum SHA-512
95e841aeb6f8cea983dea62f3a75e0c71ca8bcb7272801f8d97914fd11f7592b1efabb26596c54b548007a41886482590f08a0412c57536da9401ba510d83d88
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Authority records

Momen, NurulFritsch, Lothar

Search in DiVA

By author/editor
Momen, NurulFritsch, Lothar
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer SciencesInformation Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 76 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 511 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf