An identifiability-based access control model for privacy protection in open systems
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
From spaces to places: emerging contexts in mobile privacy
Proceedings of the 11th international conference on Ubiquitous computing
Privacy in Context: Technology, Policy, and the Integrity of Social Life
Privacy in Context: Technology, Policy, and the Integrity of Social Life
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Proceedings of the 18th ACM conference on Computer and communications security
SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Measuring user confidence in smartphone security and privacy
Proceedings of the Eighth Symposium on Usable Privacy and Security
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
A conundrum of permissions: installing applications on an android smartphone
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
We address the challenge of improving transparency for smartphone applications by creating tools that assesses privacy risk. Specifically, we invented a framework for qualitatively assessing and quantitatively measuring the intrusiveness of smartphone applications based on their data access behaviors. Our framework has two essential components. The first component is the Privacy Fingerprint, a novel visualization that is concise yet holistic. It captures each app's unique access patterns to sensitive personal data, including which types of behaviors and under which privacy-relevant usage contexts the data are collected. The second component is a new Intrusiveness Score that numerically measures out-of-context data collection, based on real data accesses gathered from empirical testing on 33 popular Android apps across 4 app categories. Specific attention is paid to the proportion of data accesses that occurs while the user is idle, raising the perceived level of intrusiveness and exposing the profiling potential of an app. Together, these components will help smartphone users decide whether to install an app because they will be able to easily and accurately assess the relative intrusiveness of apps. Our study also demonstrates that the Intrusiveness Score is helpful to compare apps that exhibit similar types of data accesses.