Patterns of sharing customizable software
CSCW '90 Proceedings of the 1990 ACM conference on Computer-supported cooperative work
Language-based security on Android
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Selected Areas in Cryptography
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Proceedings of the 17th ACM conference on Computer and communications security
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
MockDroid: trading privacy for application functionality on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
Can Smartphone Users Turn Off Tracking Service Settings?
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?
Proceedings of the 23rd international conference on World wide web
ipShield: a framework for enforcing context-aware privacy
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
In this paper we present the design and implementation of ProtectMyPrivacy (PMP), a system for iOS devices to detect access to private data and protect users by substituting anonymized data in its place if users decide. We developed a novel crowdsourced recommendation engine driven by users who contribute their protection decisions, which provides app specific privacy recommendations. PMP has been in use for over nine months by 90,621 real users, and we present a detailed evaluation based on the data we collected for 225,685 unique apps. We show that access to the device identifer (48.4% of apps), location (13.2% of apps), address book (6.2% of apps) and music library (1.6% of apps) is indeed widespread in iOS. We show that based on the protection decisions contributed by our users we can recommend protection settings for over 97.1% of the 10,000 most popular apps. We show the effectiveness of our recommendation engine with users accepting 67.1% of all recommendations provide to them, thereby helping them make informed privacy choices. Finally, we show that as few as 1% of our users, classified as experts, make enough decisions to drive our crowdsourced privacy recommendation engine.