Advertisement

Application Transiency: Towards a Fair Trade of Personal Information for Application Services

  • Raquel AlvarezEmail author
  • Jake Levenson
  • Ryan Sheatsley
  • Patrick McDaniel
Conference paper
  • 245 Downloads
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 305)

Abstract

Smartphone users are offered a plethora of applications providing services, such as games and entertainment. In 2018, 94% of applications on Google Play were advertised as “free”. However, many of these applications obtain undefined amounts of personal information from unaware users. In this paper, we introduce transiency: a privacy-enhancing feature that prevents applications from running unless explicitly opened by the user. Transient applications can only collect sensitive user information while they are being used, and remain disabled otherwise. We show that a transient app would not be able to detect a sensitive user activity, such as a daily commute to work, unless it was used during the activity. We define characteristics of transient applications and find that, of the top 100 free apps on Google Play, 88 could be made transient. By allowing the user to decide when to allow an app to collect their data, we move towards a fair trade of personal information for application services.

Keywords

Mobile privacy Android 

Notes

Acknowledgements

Thank you to Kim, Cookie, Bon Bon, and all the SIIS labers for the much needed support on my first paper journey. This material is based upon work supported by the National Science Foundation under Grant No. NS-1564105. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

References

  1. 1.
    Elenkov, N.: Android Security Internals. No Starch Press, San Francisco (2015)Google Scholar
  2. 2.
    Stamp, M.: Information Security Principles and Practice. Wiley, Hoboken (2011)CrossRefGoogle Scholar
  3. 3.
    Jaeger, T.: Operating System Security. Morgan & Claypool Publishers, San Rafael (2008)CrossRefGoogle Scholar
  4. 4.
    Nissenbaum, H.: Privacy as Contextual Integrity. Washington Law Review (2004)Google Scholar
  5. 5.
    Enck, W., et al.: TaintDroid: an information-flow tracking system for realt ime privacy monitoring on smartphones. In: OSDI (2010)Google Scholar
  6. 6.
    Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. In: Proceedings of the 17th Privacy Enhancing Technologies Symposium (2018)Google Scholar
  7. 7.
    Petracca, G., et al.: AWare: preventing abuse of privacy-sensitive sensors via operation bindings. In: Proceedings of the 26th USENIX Security Symposium. USENIX Security (2017)Google Scholar
  8. 8.
    Narain, S., Noubir, G.: Mitigating location privacy attacks on mobile devices using dynamic app sandboxing. In: Procededings of the 19th Privacy Enhancing Technologies Symposium (PETS) (2019)CrossRefGoogle Scholar
  9. 9.
    Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-21599-5_7CrossRefGoogle Scholar
  10. 10.
    Tsai, L., et al.: Turtle guard: helping Android users apply contextual privacy preferences. In: Proceedings of the 26th USENIX Security Symposium (2017)Google Scholar
  11. 11.
    Liu, B., et al.: Follow my recommendations: a personalized privacy assistant for mobile app permissions (2016)Google Scholar
  12. 12.
    Hornyack, P., Han, S., Jung, J., Schechter, S., Wetheral, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: CCS (2011)Google Scholar
  13. 13.
    Wijesekera, P., et al.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: NDSS (2017)Google Scholar
  14. 14.
    Votipka, D., Rabin, S.M., Micinski, K., Gilray, T., Mazurek, M.M., Foster, J.S.: User comfort with Android background resource accesses in different contexts. In: Proceedings of the 14th Symposium on Usable Privacy and Security (2018)Google Scholar
  15. 15.
    Egelman, S., Felt, A.P., Wagner, D.: Choice architecture and smartphone privacy: there’s a price for that. In: Böhme, R. (ed.) The Economics of Information Security and Privacy, pp. 211–236. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-39498-0_10CrossRefGoogle Scholar
  16. 16.
    Felt, A.P., Egelman, S., Wagner, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: 2nd Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (2012)Google Scholar
  17. 17.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS) (2012) Google Scholar
  18. 18.
    Bonné, B., Peddinti, S.T., Bilogrevic, I., Taft, N.: Exploring decision making with Android’s runtime permission dialogs using in-context surveys. In: Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  19. 19.
    Pu, Y., Grossklags, J.: Valuating friends’ privacy: does anonymity of sharing personal data matter? In: Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  20. 20.
    Tsai, J., Egelman, S., Cranor, L., Acquisti, A.: The effect of online privacy information on purchasing behavior: an experimental study. In: 6th Workshop on the Economics of Information Security (2007)Google Scholar
  21. 21.
    Samat, S., Acquisti, A.: Format vs. content: the impact of risk and presentation on disclosure decisions. In: Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  22. 22.
    Rao, A., Schaub, F., Sadeh, N., Acquisti, A., Kang, R.: Expecting the unexpected: understanding mismatched privacy expectations online. In: Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS) (2016)Google Scholar
  23. 23.
    Oates, M., et al.: Turtles, locks, and bathrooms: understanding mental models of privacy through illustration. In: Proceedings of the 18th Privacy Enhancing Technologies Symposium (PETS) (2018)CrossRefGoogle Scholar
  24. 24.
    Ismail, Q., Ahmed, T., Caine, K., Kapadia, A., Reiter, M.: To permit or not to permit, that is the usability question: crowdsourcing mobile apps’ privacy permission settings. In: Proceedings of the 18th Privacy Enhancing Technologies Symposium (PETS) (2017)CrossRefGoogle Scholar
  25. 25.
    Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: Proceedings of the 24th USENIX Security Symposium (2015)Google Scholar
  26. 26.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions dymistified. In: CCS (2011)Google Scholar
  27. 27.
    Chatterjee, R., et al.: The spyware used in intimate partner violence. In: IEEE Symposium on Security and Privacy (2018)Google Scholar
  28. 28.
    Bowers, J., Reaves, B., Sherman, I.N., Traynor, P., Butler, K.: Regulators, mount up! analysis of privacy policies for mobile money services. In: Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  29. 29.
    Das, A., Borisov, N., Chou, E.: Every move you make: exploring practical issues in smartphone motion sensor fingerprinting and countermeasures. In: Proceedings of the 18th Privacy Enhancing Technologies Symposium (PETS) (2018)CrossRefGoogle Scholar
  30. 30.
    Reyes, I., et al.: Won’t somebody think of the children? examining COPPA compliance at scale. In: Proceedings of the 18th Privacy Enhancing Technologies Symposium (2018)CrossRefGoogle Scholar
  31. 31.
    Venkatadri, G., Lucherini, E., Sapiezynski, P., Mislove, A.: Investigating sources of PII used in Facebook’s targeted advertising. In: Proceedings of the 19th Privacy Enhancing Technologies Symposium (2019)CrossRefGoogle Scholar
  32. 32.
    Foppe, L., Martin, J., Mayberry, T., Rye, E.C., Brown, L.: Exploiting TLS client authentication for widespread user tracking (2018)Google Scholar
  33. 33.
    Bashir, M.A., Wilson, C.: Diffusion of user tracking data in the online advertising ecosystem. In: Proceedings of the 18th Privacy Enhancing Technologies Symposium (2018)CrossRefGoogle Scholar
  34. 34.
    Lifshits, P., et al.: Power to peep-all: inference attacks by malicious batteries on mobile devices. In: Proceedings of the 18th Privacy Enhancing Technologies Symposium (2018)CrossRefGoogle Scholar
  35. 35.
    Eskandari, M., Ahmad, M., Oliveira, A.S., Crispo, B.: Analyzing remote server locations for personal data transfers in mobile apps. In: Proceedings of the 17th Privacy Enhancing Technologies Symposium (2017)CrossRefGoogle Scholar
  36. 36.
    Brookman, J., Rouge, P., Alva, A., Yeung, C.: Cross-device tracking: measurement and disclosures. In: Proceedings of the 17th Privacy Enhancing Technologies Symposium (2017)CrossRefGoogle Scholar
  37. 37.
    Zhou, X., et al.: Identity, location. inferring your secrets from Android public resources. In: CCS, Disease and More (2013)Google Scholar
  38. 38.
    Park, H., Eun, J., Lee, J.: Why do smartphone users hesitate to delete unused apps? In: MobileHCI (2018)Google Scholar
  39. 39.
    Senate: Testimony of Mark Zuckerberg. https://www.judiciary.senate.gov/imo/media/doc/04-10-18%20Zuckerberg%20Testimony.pdf. Accessed Feb 2019
  40. 40.
    https://ipdata.co/ . Accessed Feb 2019
  41. 41.
    Statista: Distribution of free and paid Android apps (2019). https://www.statista.com/statistics/266211/distribution-of-free-and-paid-android-apps/
  42. 42.
    Statista: Number of Available Applications in the Google Play Store (2019). https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/
  43. 43.
  44. 44.
  45. 45.
  46. 46.
  47. 47.
  48. 48.
    Google: Android Open Source Code (2019). https://source.android.com/
  49. 49.
  50. 50.
    IPData.co (2019). https://ipdata.co/
  51. 51.
    Google: Google Answers. https://support.google.com/android/answer/9079646?hl=en. Accessed Feb 2019
  52. 52.
  53. 53.
  54. 54.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Raquel Alvarez
    • 1
    Email author
  • Jake Levenson
    • 1
  • Ryan Sheatsley
    • 1
  • Patrick McDaniel
    • 1
  1. 1.Pennsylvania State UniversityState CollegeUSA

Personalised recommendations