Characterizing Privacy Risks of Mobile Apps with Sensitivity Analysis

Cited by: 14
Authors
Zhang, Li Lyna [1, 2]
Liang, Chieh-Jan Mike [2]
Li, Zhao Lucis [1, 2]
Liu, Yunxin [2]
Zhao, Feng [2]
Chen, Enhong [1]
Affiliations
[1] Univ Sci & Technol China, Hefei 230022, Anhui, Peoples R China
[2] Microsoft Res, Beijing 100080, Peoples R China
Keywords
Mobile applications; sensitivity analysis; automated testing; privacy;
DOI
10.1109/TMC.2017.2708716
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
Given the emerging concerns over app privacy-related risks, major app distribution providers (e.g., Microsoft) have been exploring approaches to help end users make informed decisions before installation. This is different from existing approaches of simply trusting users to make the right decision. We build on the direction of risk rating as the way to communicate app-specific privacy risks to end users. To this end, we propose to use sensitivity analysis to infer whether an app requests sensitive on-device resources/data that are not required for its expected functionality. Our system, Privet, addresses challenges in efficiently achieving test coverage and automated privacy risk assessment. Finally, we evaluate Privet with 1,000 Android apps released in the wild.
Pages: 279 - 292
Number of pages: 14
Related papers
50 in total
  • [31] Poster: A First Look at the Privacy Risks of Voice Assistant Apps
    Natatsuka, Atsuko
    Iijima, Ryo
    Watanabe, Takuya
    Akiyama, Mitsuaki
    Sakai, Tetsuya
    Mori, Tatsuya
    [J]. PROCEEDINGS OF THE 2019 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'19), 2019, : 2633 - 2635
  • [32] Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
    Baumgaertner, Lars
    Dmitrienko, Alexandra
    Freisleben, Bernd
    Gruler, Alexander
    Hoechst, Jonas
    Kuehlberg, Joshua
    Mezini, Mira
    Mitev, Richard
    Miettinen, Markus
    Muhamedagic, Anel
    Thien Duc Nguyen
    Penning, Alvar
    Pustelnik, Dermot
    Roos, Filipp
    Sadeghi, Ahmad-Reza
    Schwarz, Michael
    Uhl, Christian
    [J]. 2020 IEEE 19TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2020), 2020, : 458 - 467
  • [33] Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
    Continella, Andrea
    Fratantonio, Yanick
    Lindorfer, Martina
    Puccetti, Alessandro
    Zand, Ali
    Kruegel, Christopher
    Vigna, Giovanni
    [J]. 24TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2017), 2017,
  • [34] CRIMINAL LAW RISKS OF USING MOBILE DATING APPS
    Bimbinov, Arseniy A.
    [J]. RUSSIAN JOURNAL OF CRIMINOLOGY, 2024, 18 (02): : 181 - 190
  • [35] Visualizing Privacy Risks of Mobile Applications through a Privacy Meter
    Kang, Jina
    Kim, Hyoungshick
    Cheong, Yun Gyung
    Huh, Jun Ho
    [J]. INFORMATION SECURITY PRACTICE AND EXPERIENCE, ISPEC 2015, 2015, 9065 : 548 - 558
  • [36] The Long-Standing Privacy Debate: Mobile Websites Vs Mobile Apps
    Papadopoulos, Elias P.
    Diamantaris, Michalis
    Papadopoulos, Panagiotis
    Petsas, Thanasis
    Ioannidis, Sotiris
    Markatos, Evangelos P.
    [J]. PROCEEDINGS OF THE 26TH INTERNATIONAL CONFERENCE ON WORLD WIDE WEB (WWW'17), 2017, : 153 - 162
  • [37] Characterizing mobile apps from a source and test code viewpoint
    Silva, Davi Bernardo
    Eler, Marcelo Medeiros
    Durelli, Vinicius H. S.
    Endo, Andre Takeshi
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2018, 101 : 32 - 50
  • [38] Review and Comparative Analysis of Security Risks and Safety Measures of Mobile Health Apps.
    Burmeister, Oliver
    [J]. AUSTRALASIAN JOURNAL OF INFORMATION SYSTEMS, 2016, 20
  • [39] MOBILE APPS - USER AWARENESS ON PERMISSIONS, INFORMATION PRIVACY AND SECURITY
    Tutunea, Mihaela Filofteia
    [J]. PROCEEDINGS OF THE 16TH INTERNATIONAL CONFERENCE ON INFORMATICS IN ECONOMY (IE 2017): EDUCATION, RESEARCH & BUSINESS TECHNOLOGIES, 2017, : 70 - 77
  • [40] Privacy-Preserving Location-Proximity for Mobile Apps
    Stirbys, Simonas
    Abu Nabah, Omar
    Hallgren, Per
    Sabelfeld, Andrei
    [J]. 2017 25TH EUROMICRO INTERNATIONAL CONFERENCE ON PARALLEL, DISTRIBUTED AND NETWORK-BASED PROCESSING (PDP 2017), 2017, : 337 - 345