Derived Partial Identities Generated from App Permissions
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec) ORCID iD: 0000-0002-0418-4121
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec) ORCID iD: 0000-0002-5235-5335
2017 (English). In: Open Identity Summit 2017: Proceedings / [ed] Lothar Fritsch, Heiko Roßnagel, Detlef Hühnlein, Bonn: Gesellschaft für Informatik, 2017, p. 117-130. Conference paper, Published paper (Refereed)
Abstract [en]

This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.

Place, publisher, year, edition, pages
Bonn: Gesellschaft für Informatik, 2017. p. 117-130
Series
Lecture Notes in Informatics (LNI), ISSN 1617-5468 ; 277
Keywords [en]
identity management, Partial Identity, Access Control, Apps, Permissions, Privacy, Data
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-63724; ISBN: 978-3-88579-671-8 (print); OAI: oai:DiVA.org:kau-63724; DiVA, id: diva2:1141681
Conference
Open Identity Summit (OID) 2017, 5-6 October 2017, Karlstad, Sweden.
Available from: 2017-09-15. Created: 2017-09-15. Last updated: 2020-08-11. Bibliographically approved.
In thesis
1. Towards Measuring Apps' Privacy-Friendliness
2018 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. Poor means to observe and to assess the consequences of data disclosure causes hindrance for the user to be aware of and to take preventive measures.

Mobile operating systems use permission-based access control mechanism to guard system resources and sensors. Depending on the type, apps require explicit consent from the user in order to avail access to those permissions. Nonetheless, it does not put any constraint on access frequency. Granted privileges allow apps to access to users' personal information for indefinite period of time until being revoked explicitly. Available control tools lack monitoring facility which undermines the performance of access control model. It has the ability to create privacy risks and nontransparent handling of personal information for the data subject.

This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the risks with experiment results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.

Abstract [en]

Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. They face hindrance to be aware of and to take preventive measures because of poor means to observe and to assess consequences of data disclosure. Available control tools lack monitoring properties that do not allow the user to comprehend the magnitude of personal data access. Such circumstances can create privacy risks, erode intervenability of access control mechanism and lead to opaque handling of personal information for the data subject.

This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the data disclosure risks with experimental results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2018. p. 27
Series
Karlstad University Studies, ISSN 1403-8099 ; 2018:31
Keywords
Mobile OS, Apps, User data, Transparency, Privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-68569 (URN); 978-91-7063-864-0 (ISBN); 978-91-7063-959-3 (ISBN)
Presentation
2018-09-07, 1D 222, Universitetsgatan 2, Karlstad, 10:15 (English)
Available from: 2018-08-17. Created: 2018-07-23. Last updated: 2019-07-11. Bibliographically approved.
2. Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
2020 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.

Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 218
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:24
Keywords
Mobile Apps, User data, Transparency, Privacy, Data protection
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-79308 (URN); 978-91-7867-132-8 (ISBN); 978-91-7867-137-3 (ISBN)
Public defence
2020-10-09, 9C203, Universitetsgatan 2, Karlstad, 09:15 (English)
Available from: 2020-09-09. Created: 2020-08-11. Last updated: 2020-09-09. Bibliographically approved.

Open Access in DiVA

Fulltext (488 kB), 248 downloads
File information
File name: FULLTEXT01.pdf; File size: 488 kB; Checksum SHA-512:
6d28a591c3003d9888db8c15b336b92fcf0072544ae15b4037b06c161a78787ff232ba8139f355980669b2c1070a3c9680203f26134c671ef93cf3fd57a5d543
Type: fulltext; Mimetype: application/pdf

Authority records

Fritsch, Lothar; Momen, Nurul

Total: 248 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 1781 hits