Characterizing Privacy Risks of Mobile Apps with Sensitivity Analysis

Cited by: 14
Authors
Zhang, Li Lyna [1, 2]
Liang, Chieh-Jan Mike [2]
Li, Zhao Lucis [1, 2]
Liu, Yunxin [2]
Zhao, Feng [2]
Chen, Enhong [1]
Affiliations
[1] Univ Sci & Technol China, Hefei 230022, Anhui, Peoples R China
[2] Microsoft Res, Beijing 100080, Peoples R China
Keywords
Mobile applications; sensitivity analysis; automated testing; privacy
DOI
10.1109/TMC.2017.2708716
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Given the emerging concerns over app privacy-related risks, major app distribution providers (e.g., Microsoft) have been exploring approaches to help end users make informed decisions before installation. This differs from existing approaches that simply trust users to make the right decision. We build on the direction of risk rating as the way to communicate app-specific privacy risks to end users. To this end, we propose to use sensitivity analysis to infer whether an app requests sensitive on-device resources/data that are not required for its expected functionality. Our system, Privet, addresses challenges in efficiently achieving test coverage and automated privacy risk assessment. Finally, we evaluate Privet with 1,000 Android apps released in the wild.
Pages: 279 - 292
Number of pages: 14
Related papers
50 in total
  • [1] Privacy Risks in Mobile Dating Apps
    Farnden, Jody
    Martini, Ben
    Choo, Kim-Kwang Raymond
    [J]. AMCIS 2015 PROCEEDINGS, 2015,
  • [2] KOALA Hero: Inform Children of Privacy Risks of Mobile Apps
    Zhao, Jun
    Duron, Blanche
    Wang, Ge
    [J]. PROCEEDINGS OF THE 2022 ACM INTERACTION DESIGN AND CHILDREN, IDC 2022, 2022, : 523 - 528
  • [3] An Analysis of Mobile Gaming Apps' Privacy Policies
    Wang, Tian
    Hayes, Carol Mullins
    Chen, Chen
    Bashir, Masooda
    [J]. 2022 IEEE GAMES, ENTERTAINMENT, MEDIA CONFERENCE (GEM), 2022,
  • [4] Automated Analysis of Privacy Requirements for Mobile Apps
    Zimmeck, Sebastian
    Wang, Ziqi
    Zou, Lieyong
    Iyengar, Roger
    Liu, Bin
    Schaub, Florian
    Wilson, Shomir
    Sadeh, Norman
    Bellovin, Steven M.
    Reidenberg, Joel
    [J]. 24TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2017), 2017,
  • [5] Understanding Privacy Risks of Intelligent Connected Vehicles Through Their Companion Mobile Apps
    Yang, Peifu
    Nan, Yuhong
    Xue, Lei
    Zhang, Yuliang
    Zhai, Juan
    Zheng, Zibin
    [J]. IEEE Internet of Things Journal, 2024, 11 (20) : 33683 - 33695
  • [6] Heterogeneous User Responses to Privacy Risks in Mobile Apps: Understanding the Dualistic Role of Privacy Risk Perceptions
    Cho, Hichang
    [J]. PUBLICATION OF THE 25TH ACM INTERNATIONAL CONFERENCE ON MOBILE HUMAN-COMPUTER INTERACTION, MOBILEHCI 2023 ADJUNCT, 2023,
  • [7] Et tu, Brute? Privacy Analysis of Government Websites and Mobile Apps
    Samarasinghe, Nayanamana
    Adhikari, Aashish
    Mannan, Mohammad
    Youssef, Amr
    [J]. PROCEEDINGS OF THE ACM WEB CONFERENCE 2022 (WWW'22), 2022, : 564 - 575
  • [8] An Empirical Analysis of Security and Privacy Risks in Android Cryptocurrency Wallet Apps
    Sentana, I. Wayan Budi
    Ikram, Muhammad
    Kaafar, Mohamed Ali
    [J]. APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PT II, ACNS 2023, 2023, 13906 : 699 - 725
  • [9] The Privacy Calculus: Mobile Apps and User Perceptions of Privacy and Security
    Fife, Elizabeth
    Orjuela, Juan
    [J]. INTERNATIONAL JOURNAL OF ENGINEERING BUSINESS MANAGEMENT, 2012, 4
  • [10] Characterizing Embedded Web Browsing in Mobile Apps
    Tian, Deyu
    Ma, Yun
    Balasubramanian, Aruna
    Liu, Yunxin
    Huang, Gang
    Liu, Xuanzhe
    [J]. IEEE TRANSACTIONS ON MOBILE COMPUTING, 2022, 21 (11) : 3912 - 3925