WASA 2017: Wireless Algorithms, Systems, and Applications pp 445-456 | Cite as
3P Framework: Customizable Permission Architecture for Mobile Applications
Abstract
Mobile applications & smart devices have drastically changed our routine tasks, and have become an integral part of modern society. Along with the numerous benefits we get, major challenges like privacy and safety have become complicated than before. The permission based system for mobile applications is designed to empower the user to decide which resources and information they want the application to access. Most of these permissions are granted during installation of application, but our study shows that the users make weak decisions in protecting their information. Majority of the users, even with technical backgrounds, blindly grant all permissions requested by the application even if they are not necessary for the application to run. In order to give more control to the user, and to enable them to make informed decisions regarding permission, we have proposed a Privacy Permission Policy Framework in this paper. This framework enables the user to have greater control over the permission granting while installing the mobile applications. The implementation and testing of the framework also enabled us to run forensic analysis and understand the scope of permissions requested, based on which this framework can advise the user to select minimum required permissions for the application to work. This makes the users’ privacy more secure, and grants full control over the process.
Keywords
Privacy behaviors Mobile app privacy Android security Users privacy consciousnessReferences
- 1.Statista: Number of Smartphone Users Worldwide from 2014 to 2020. https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/
- 2.Statista: Share of Mobile Phone Users that Use a Smartphone in China from 2013 to 2019. https://www.statista.com/statistics/257045/smartphone-user-penetration-in-china/
- 3.Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 3–14 (2011)Google Scholar
- 4.Thurm, S., Kanel, Y.I.: Your apps are watching you. Wallstreet J. (2010)Google Scholar
- 5.Zhang, L., Cai, Z., Wang, X.: FakeMask: a novel privacy preserving approach for smartphones. IEEE Trans. Netw. Serv. Manag. 13(2), 335–348 (2016)CrossRefGoogle Scholar
- 6.He, Z., Cai, Z., Li, Y.: Customized privacy preserving for classification based applications. In: Proceedings of the ACM Workshop on Privacy-Aware Mobile Computing, pp. 37–42. ACM (2016)Google Scholar
- 7.Balebako, R., Marsh, A., Lin, J., Hong, J., Cranor, L.F.: The privacy and security behaviors of smartphone app developers. In: Workshop on Usable Security UsEC, February 2014Google Scholar
- 8.Chin, E., Felt, A.P., Sekar, V., Wagner, D.: Measuring user confidence in smartphone security and privacy. In: Proceedings of Symposium on Usable Privacy and Security SOUPS. ACM, July 2012Google Scholar
- 9.Felt, A.P., Egelman, S., Wagner, D.: I’Ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 33–44 (2012)Google Scholar
- 10.Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the ACM Conference on Ubiquitous Computing (UbiComp), pp. 501–510. ACM, September 2012Google Scholar
- 11.Benenson, Z., Kroll-Peters, O., Krupp, M.: Attitudes to IT security when using a smartphone. In: Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1179–1183, September 2012Google Scholar
- 12.Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)CrossRefGoogle Scholar
- 13.Fife, E., Orjuela, J.: The privacy calculus: mobile apps and user perceptions of privacy and security. Int. J. Eng. Bus. Manag. 5(1) (2012)Google Scholar
- 14.Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you: raising awareness of data leaks on smartphones. In: Proceedings of the Symposium on Usable Privacy and Security SOUPS. ACM (2013)Google Scholar
- 15.Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an Android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34638-5_6 CrossRefGoogle Scholar
- 16.Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: MockDroid: trading privacy for application functionality on smartphones. In: Proceedings of the Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)Google Scholar
- 17.Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 639–652. ACM (2011)Google Scholar
- 18.Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21599-5_7 CrossRefGoogle Scholar
- 19.Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 217–228. ACM (2012)Google Scholar
- 20.Mueller, K., Butler, K.: Flex-P: flexible Android permissions. In: IEEE Symposium on Security and Privacy, May 2011Google Scholar
- 21.Android, S.D.K.: Android Manifest Permission API 25. https://developer.android.com/reference/android/Manifest.permission.html