FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps

  • Majid Hatamian
  • Jetzabel Serna
  • Kai Rannenberg
  • Bodo Igler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10442)

Abstract

In this paper, we introduce an approach that aims at increasing individuals’ privacy awareness. We perform a privacy risk assessment of the smartphone applications (apps) installed on a user’s device. We implemented an app behaviour monitoring tool that collects information about access to sensitive resources by each installed app. We then calculate a privacy risk score using a fuzzy logic based approach that considers type, number and frequency of access on resources. The combination of these two concepts provides the user with information about the privacy invasiveness level of the monitored apps. Our approach enables users to make informed privacy decisions, i.e. restrict permissions or report an app based on resource access events. We evaluate our approach by analysing the behaviour of selected apps and calculating their associated privacy score. Initial results demonstrate the applicability of our approach, which allows the comparison of apps by reporting to the user the detected events and the resulting privacy risk score.

Keywords

Smartphone apps, Privacy, Usability, Beacon alarming, Privacy risk score, Fuzzy logic

Notes

Acknowledgments

The authors would like to thank: A. Paterno, D. Mattes, D. Wowniuk, M. Duchmann, M. Krapp, and R. Dieges for providing the app. This research work has received funding from the H2020 Marie Skłodowska-Curie EU project “Privacy&Us” under the grant agreement No. 675730.


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Majid Hatamian (1)
  • Jetzabel Serna (1)
  • Kai Rannenberg (1)
  • Bodo Igler (2)

  1. Chair of Mobile Business and Multilateral Security, Goethe University Frankfurt, Frankfurt am Main, Germany
  2. RheinMain University of Applied Sciences, Wiesbaden, Germany
