No surprises: measuring intrusiveness of smartphone applications by detecting objective context deviations

Authors:
Frances Zhang;Fuming Shih;Daniel Weitzner
Affiliations:
MIT Computer Science and Artificial Intelligence Lab, Cambridge, Massachusetts, USA;MIT Computer Science and Artificial Intelligence Lab, Cambridge, Massachusetts, USA;MIT Computer Science and Artificial Intelligence Lab, Cambridge, Massachusetts, USA
Venue:
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Year:
2013

Citing 9
Cited 0

An identifiability-based access control model for privacy protection in open systems

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
From spaces to places: emerging contexts in mobile privacy

Proceedings of the 11th international conference on Ubiquitous computing
Privacy in Context: Technology, Policy, and the Integrity of Social Life

Privacy in Context: Technology, Policy, and the Integrity of Social Life
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security
SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Measuring user confidence in smartphone security and privacy

Proceedings of the Eighth Symposium on Usable Privacy and Security
Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

Proceedings of the 2012 ACM Conference on Ubiquitous Computing
A conundrum of permissions: installing applications on an android smartphone

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We address the challenge of improving transparency for smartphone applications by creating tools that assesses privacy risk. Specifically, we invented a framework for qualitatively assessing and quantitatively measuring the intrusiveness of smartphone applications based on their data access behaviors. Our framework has two essential components. The first component is the Privacy Fingerprint, a novel visualization that is concise yet holistic. It captures each app's unique access patterns to sensitive personal data, including which types of behaviors and under which privacy-relevant usage contexts the data are collected. The second component is a new Intrusiveness Score that numerically measures out-of-context data collection, based on real data accesses gathered from empirical testing on 33 popular Android apps across 4 app categories. Specific attention is paid to the proportion of data accesses that occurs while the user is idle, raising the perceived level of intrusiveness and exposing the profiling potential of an app. Together, these components will help smartphone users decide whether to install an app because they will be able to easily and accurately assess the relative intrusiveness of apps. Our study also demonstrates that the Intrusiveness Score is helpful to compare apps that exhibit similar types of data accesses.