Third-party applications (apps) drive the attractiveness of web and mobile application platforms. Many of these platforms adopt a decentralized control strategy, relying on explicit user consent for granting the permissions that apps request. Users have to rely primarily on community ratings as signals to identify potentially harmful and inappropriate apps, even though community ratings typically reflect opinions about perceived functionality or performance rather than about risks. With the arrival of HTML5 web apps, such user-consent permission systems will become more widespread. We study the effectiveness of user-consent permission systems through a large-scale data collection of Facebook apps, Chrome extensions and Android apps. Our analysis confirms that the current forms of community ratings used in app markets today are not reliable indicators of the privacy risks of an app. We find some evidence indicating attempts to mislead or entice users into granting permissions: free applications and applications with mature content request more permissions than is typical; 'look-alike' applications, which have names similar to popular applications, also request more permissions than is typical. We also find that, across all three platforms, popular applications request more permissions than average.