ABSTRACT
Smartphone apps today request permission to access a multitude of sensitive resources, which users must accept completely during installation (e.g., on Android) or selectively configure after installation (e.g., on iOS, but also planned for Android). Everyday users, however, do not have the ability to make informed decisions about which permissions are essential for their usage. For enhanced privacy, we seek to leverage crowdsourcing to find minimal sets of permissions that will preserve the usability of the app for diverse users. We advocate an efficient 'lattice-based' crowd-management strategy to explore the space of permissions sets. We conducted a user study (N = 26) in which participants explored different permission sets for the popular Instagram app. This study validates our efficient crowd management strategy and shows that usability scores for diverse users can be predicted accurately, enabling suitable recommendations.
- Amini, S., Lin, J., Hong, J. I., Lindqvist, J., and Zhang, J. Mobile application evaluation using automation and crowdsourcing. In Workshop on Privacy Enhancing Tools (July 2013).Google Scholar
- Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R., and Shastry, B. Towards taming privilege-escalation attacks on Android. In 19th Network & Distributed System Security Symposium (Feb. 2012).Google Scholar
- Ekstrand, M. D., Riedl, J. T., and Konstan, J. A. Collaborative filtering recommender systems. Foundations and Trends in Human-Computer Interaction 4, 2 (Feb. 2011), 81--173. Google ScholarDigital Library
- Felt, A. P., Chin, E., Hanna, S., Song, D., and Wagner, D. Android permissions demystified. In 18th ACM Conference on Computer and Communications Security (2011), 627--638. Google ScholarDigital Library
- Felt, A. P., Greenwood, K., and Wagner, D. The effectiveness of application permissions. In 2nd USENIX Conference on Web Application Development (2011), 75--86. Google ScholarDigital Library
- Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. Android permissions: User attention, comprehension, and behavior. In 8th Symposium on Usable Privacy and Security (2012), 3:1--3:14. Google ScholarDigital Library
- Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J., Sadeh, N., and Wetherall, D. A conundrum of permissions: Installing applications on an Android smartphone. In Financial Cryptography and Data Security. Springer, 2012, 68--79. Google ScholarDigital Library
- Kelley, P. G., Cranor, L. F., and Sadeh, N. Privacy as part of the app decision-making process. In 2013 ACM Conference on Human Factors in Computing Systems (2013), 3393--3402. Google ScholarDigital Library
- Kennedy, K., Gustafson, E., and Chen, H. Quantifying the effects of removing permissions from Android applications. In IEEE Mobile Security Technologies (2013).Google Scholar
- Lin, J., Sadeh, N., Amini, S., Lindqvist, J., Hong, J. I., and Zhang, J. Expectation and purpose: Understanding users' mental models of mobile app privacy through crowdsourcing. In 2012 ACM Conference on Ubiquitous Computing (2012), 501--510. Google ScholarDigital Library
- Mukherjee, A., Kumar, A., Liu, B., Wang, J., Hsu, M., Castellanos, M., and Ghosh, R. Spotting opinion spammers using behavioral footprints. In 19th ACM Conference on Knowledge Discovery and Data Mining (2013), 632--640. Google ScholarDigital Library
- Nauman, M., Khan, S., and Zhang, X. Apex: Extending Android permission model and enforcement with user-defined runtime constraints. In 5th ACM Symposium on Information, Computer and Communications Security (2010), 328--332. Google ScholarDigital Library
- Resnick, P., Iacovou, N., Bergstrom, M. S. P., and Riedl, J. T. GroupLens: An open architecture for collaborative filtering of netnews. In ACM Conference on Computer Supported Collaborative Work (1994), 175--186. Google ScholarDigital Library
- Saltzer, J. H., and Schroeder, M. D. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (Sept. 1975).Google ScholarCross Ref
- Sarwar, B., Karypis, G., Konstan, J., and Riedl, J. Analysis of recommendation algorithms for e-commerce. In 2nd ACM Conference on Electronic Commerce (2000), 158--167. Google ScholarDigital Library
- Sarwar, B., Karypis, G., Konstan, J., and Riedl, J. Item-based collaborative filtering recommendation algorithms. In 10th International Conference on World Wide Web (2001), 285--295. Google ScholarDigital Library
Index Terms
- Crowdsourced Exploration of Security Configurations
Recommendations
Reproducing context-sensitive crashes of mobile apps using crowdsourced monitoring
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and SystemsWhile the number of mobile apps published by app stores keeps on increasing, the quality of these apps varies widely. Unfortunately, for many apps, end-users continue experiencing bugs and crashes once installed on their mobile device. Crashes are ...
Is this app safe?: a large scale study on application permissions and risk signals
WWW '12: Proceedings of the 21st international conference on World Wide WebThird-party applications (apps) drive the attractiveness of web and mobile application platforms. Many of these platforms adopt a decentralized control strategy, relying on explicit user consent for granting permissions that the apps request. Users have ...
Sleeping android: the danger of dormant permissions
SPSM '13: Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devicesAn Android app must be authorized for permissions, defined by the Android platform, in order to access certain capabilities of an Android device. An app developer specifies which permissions an app will require and these permissions must be authorized ...
Comments