A Multilateral Privacy Impact Analysis Method for Android Apps

@inproceedings{Hatamian2019AMP,
  title={A Multilateral Privacy Impact Analysis Method for Android Apps},
  author={Majid Hatamian and Nurul Momen and Lothar Fritsch and Kai Rannenberg},
  booktitle={APF},
  year={2019}
}
Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement… 
Decision Support for Mobile App Selection via Automated Privacy Assessment
TLDR
This work introduces APPA (Automated aPp Privacy Assessment), a technical tool to assist mobile users making privacy-enhanced app installation decisions and demonstrates the feasibility of user-centric tools to enhance transparency and informed consent as early as during the app selection phase.
Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers
TLDR
This paper provides researchers and developers of privacy-related technicalities an overview of the characteristics of existing privacy requirements needed to be implemented in smartphone ecosystems, on which they can base their work.
A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps
TLDR
This study analyzes the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances and quantifies the impact of these apps on users’ privacy.
Personal Information Classification on Aggregated Android Application’s Permissions
TLDR
This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners and concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.
A Curious Case of "Consent Button"
TLDR
As the user struggle to perceive actual intention of apps and potential implication on privacy, it is aimed at developing Transparency Enhancing Tools (TETs) that come with computational cost, overhead and storage complexity.
Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android
TLDR
The possibility of registering conditional consent which could potentially increase trust in data sharing is examined and the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface are looked into.
PrivacyBot: Detecting Privacy Sensitive Information in Unstructured Texts
TLDR
PrivacyBot is a machine-learning based proof-of-concept that detects PSI in user-generated unstructured texts and provides a fine-grained category of PSI types, shed light on the possibility of integrating such tools to support users in making informed privacy related decisions when disclose PSI on-line.
Nudging the User with Privacy Indicator: A Study on the App Selection Behavior of the User
TLDR
An empirical study on user behavior, decision making, and perception about privacy concern while selecting apps found a significant influence of the privacy indicator on their app selection behavior was observed, although this influence decreased in case of familiar apps.
A Study on User Preference: Influencing App Selection Decision with Privacy Indicator
TLDR
It is shown that impact of a privacy indicator on app selection behavior has statistical significance and such privacy preserving behavior can be invoked by mere presence of the indicator.
...
1
2
...

References

SHOWING 1-10 OF 18 REFERENCES
Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps
TLDR
This mixed methods investigation examines the question of whether revealing key data collection practices of smartphone apps may help people make more informed privacy-related decisions, and designed and prototyped a new class of privacy indicators, called Data Controller Indicators (DCIs), that expose previously hidden information flows out of the apps.
Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach
TLDR
The majority of self-tracking services examined failed to provide users with full access to their own data, did not acquire sufficient consent for the use of the data, or inadequately extended controls over disclosures to third parties.
"It's Shocking!": Analysing the Impact and Reactions to the A3: Android Apps Behaviour Analyser
TLDR
There is a significant difference between users’ privacy concern and expectation before and after using A3 and the majority of them were surprised to learn how often their installed apps access personal resources.
Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice
TLDR
An in-depth security and privacy analysis of some of the most popular freeware mobile health applications is provided, revealing that the majority of the analyzed applications do not follow well-known practices and guidelines, not even legal restrictions imposed by contemporary data protection regulations, thus jeopardizing the privacy of millions of users.
Privacy and Security in Mobile Health Apps: A Review and Recommendations
TLDR
A study of the existing laws regulating these aspects in the European Union and the United States, a review of the academic literature related to this topic, and a proposal of some recommendations for designers in order to create mobile health applications that satisfy the current security and privacy legislation are presented.
Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging
TLDR
A study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps finds that these approaches are complementary and can each play a significant role in empowering users to more effectively control their privacy.
Android permissions: user attention, comprehension, and behavior
TLDR
It is found that current Android permission warnings do not help most users make correct security decisions, however, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension.
On lightweight mobile phone application certification
TLDR
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.
Tools for Achieving Usable Ex Post Transparency: A Survey
TLDR
This survey provides researchers and developers of privacy enhancing technologies an overview of the characteristics of state of the art ex post TETs based on their functionality, implementation and evaluation as described in the literature.
...
1
2
...