Functionalities as Superior Predictor of Applications Privacy Threats

  • Alessio De Santo
  • Brice Quiquerez
  • Cédric Gaspoz
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 444)


Applications are invading our devices whether in our phones, computers and TVs or in our cars, appliances and cameras. Providing great benefits in terms of added functionalities and customization, these applications also put a lot of pressure on our privacy. In order to offer their services, these applications needs access to data stored on the devices or captured by various sensors. Currently all systems have implemented a permissions based framework for granting access to various data, based on the requests made by the applications. However, it is difficult for most users to make informed decisions when they are asked to grant these accesses. In this paper, we present a paradigm shift from a permissions to a functionalities framework. We show that users are consistent in understanding functionalities offered by applications and we propose an ontology for bridging the gap between understandable functionalities and technical permissions.


Threatening application Privacy Malware User privacy concerns 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adams, W.A.: A transdisciplinary ontology of innovation governance. Artif. Intell. Law. 16, 2, 147–174 (2007).Google Scholar
  2. 2.
    Beresford, A.R. et al.: MockDroid. Proceedings of the 12th Workshop on Mobile Computing Systems and Applications – HotMobile ’11. pp. 49–54 ACM Press, Phoenix, AZ, USA (2011).Google Scholar
  3. 3.
    Bläsing, T. et al.: An android application sandbox system for suspicious software detection. Proc. 5th IEEE Int. Conf. Malicious Unwanted Software, Malware 2010. 55–62 (2010).Google Scholar
  4. 4.
    Chakradeo, S. et al.: MAST: Triage for Market-scale Mobile Malware Analysis. ACM Conf. Secur. Priv. Wirel. Mob. Networks. 13–24 (2013).Google Scholar
  5. 5.
    Chin, E. et al.: Measuring user confidence in smartphone security and privacy. Proceedings of the Eighth Symposium on Usable Privacy and Security – SOUPS ’12. p. 1, Washington, DC, USA (2012).Google Scholar
  6. 6.
    Christensen, C.M. et al.: Finding the Right Job for Your Product. MIT Sloan Manag. Rev. 48, 3, 38–47 (2007).Google Scholar
  7. 7.
    Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS Detecting privacy leaks in iOS applications. Proc. 18th Annu. Netw. Distrib. Syst. Secur. Symp. NDSS 2011. 11 (2011).Google Scholar
  8. 8.
    Egelman, S. et al.: Choice Architecture and Smartphone Privacy: There’s a Price for That. The Economics of Information Security and Privacy. pp. 211–236 Springer Berlin Heidelberg, Berlin, Heidelberg (2013).Google Scholar
  9. 9.
    Enck, W. et al.: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Osdi ’10. 49, 1–6 (2010).Google Scholar
  10. 10.
    Felt, A.P. et al.: Android permissions demystified. Proceedings of the 18th ACM conference on Computer and communications security - CCS ’11. pp. 627–637 ACM Press, Chicago, Illinois, USA (2011).Google Scholar
  11. 11.
    Felt, A.P. et al.: I’ve got 99 problems, but vibration ain’t one. Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices - SPSM ’12. p. 33 ACM Press, Raleigh, North Carolina, USA (2012).Google Scholar
  12. 12.
    Felt, A.P. et al.: The effectiveness of application permissions. Proceedings of the 2nd USENIX conference on Web application development. p. 12 USENIX Association, Berkeley, CA, USA (2011).Google Scholar
  13. 13.
    Gibler, C. et al.: AndroidLeaks: Automatically detecting potential privacy leaks in Android applications on a large scale. Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics). 7344 LNCS, 291–307 (2012).Google Scholar
  14. 14.
    Grace, M. et al.: RiskRanker : Scalable and Accurate Zero-day Android Malware Detection Categories and Subject Descriptors. Proc. 10th Int. Conf. Mob. Syst. Appl. Serv. 281–293 (2011).Google Scholar
  15. 15.
    Guarino, N.: Understanding, building and using ontologies. Int. J. Hum. Comput. Stud. 46, 2-3, 293–310 (1997).Google Scholar
  16. 16.
    Hornyack, P. et al.: These Aren’t the Droids You’re Looking for: Retrofitting Android to Protect Data from Imperious Applications. Proc. 18th ACM Conf. Comput. Commun. Secur. 639–652 (2011).Google Scholar
  17. 17.
    Janson, H.: Calculating and Reporting Rorschach Intercoder Agreement. March, (2008).Google Scholar
  18. 18.
    Janson, H., Olsson, U.: A Measure of Agreement for Interval or Nominal Multivariate Observations by Different Sets of Judges. Educ. Psychol. Meas. 64, 1, 62–70 (2004).Google Scholar
  19. 19.
    Joachims, T.: Text Categorization with Support Vector Machines: Learning with Many Relevant Features. Proc. 10th Eur. Conf. Mach. Learn. ECML ’98. 137–142 (1998).Google Scholar
  20. 20.
    Kelley, P.G. et al.: Privacy as part of the app decision-making process. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems – CHI ’13. pp. 3393–3402 ACM Press, Paris, France (2013).Google Scholar
  21. 21.
    Landis, J.R., Koch, G.G.: The measurement of observer agreement for categorical data. Biometrics. 33, 1, 159–174 (1977).Google Scholar
  22. 22.
    McDaniel, P., Smith, S.W.: Not so great expectations: Why Application Markets Haven’t Failed Security. Secur. Privacy, IEEE. 8, 5, 76 – 78 (2010).Google Scholar
  23. 23.
    Pandita, R. et al.: WHYPER : Towards Automating Risk Assessment of Mobile Applications W HYPER : Towards Automating Risk Assessment of Mobile Applications. USENIX Secur. Symp. 527–542 (2013).Google Scholar
  24. 24.
    De Santo, A., Gaspoz, C.: Influence of Users’ Privacy Risks Literacy on the Intention to Install a Mobile Application. In: Rocha, A. et al. (eds.) New Contributions in Information Systems and Technologies. pp. 329–341 Springer International Publishing, Cham (2015).Google Scholar
  25. 25.
    Sikorski, M., Honig, A.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. (2012).Google Scholar
  26. 26.
    Stevens, R. et al.: Investigating User Privacy in Android Ad Libraries. Workshop on Mobile Security Technologies (MoST). p. 10, San Francisco, California, USA (2012).Google Scholar
  27. 27.
    Uschold, M., Gruninger, M.: Ontologies: principles, methods and applications. Knowl. Eng. Rev. 11, 2, 93–136 (1996).Google Scholar
  28. 28.
    Yan, L., Yin, H.: Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. Proc. 21st USENIX Secur. Symp. 29 (2012).Google Scholar
  29. 29.
    Zhou, Y. et al.: Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. Proc. 19th Annu. Netw. Distrib. Syst. Secur. Symp. 2, 5–8 (2012).Google Scholar
  30. 30.
    Zhou, Y., Jiang, X.: Dissecting Android Malware: Characterization and Evolution. 2012 IEEE Symp. Secur. Priv. 4, 95–109 (2012).Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Information Systems and Management Institute, HES-SOUniversity of Applied Sciences Western Switzerland, HEG ArcNeuchâtelSwitzerland

Personalised recommendations