SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices

  • Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kévin Huguenin, Mohammad Emtiyaz Khan, Jean-Pierre Hubaux
  • 2017 IEEE Symposium on Security and Privacy (SP)

Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. We address some of these limitations with SmarPer, an advanced permission mechanism for Android. To address the rigidity of current permission systems and their poor matching of users' privacy… 

Autonomous Permission Recommendation
This work proposes AutoPer+, an autonomous permission recommendation system that automatically recommends permission decisions to users at runtime, and introduces a multi-topic model for app functionality mining and a topic-permission mapper for the proposed recommendation system.
AutoPer: Automatic Recommender for Runtime-Permission in Android Applications
  • Hongcan Gao, Chenkai Guo, J. Xu
  • Computer Science
    2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)
  • 2019
This work proposes a system that automatically recommends runtime permissions to users, provides explanations that reveal the reasons behind the recommendations, and demonstrates the effectiveness of AutoPer for permission recommendation.
INSPIRED: Intention-based Privacy-preserving Permission Model
This work proposes INSPIRED, an intention-aware dynamic mediation system for mobile operating systems with privacy-preserving capability that automatically infers the underlying program intention by examining its runtime environment and justifies whether to grant the relevant permission by matching with user intention.
Contextualizing Privacy Decisions for Better Prediction (and Protection)
This work implemented a novel privacy management system in Android that uses contextual signals to build a classifier that predicts user privacy preferences under various scenarios, and shows that this new permission model reduces the error rate by 75% (i.e., fewer privacy violations), while preserving usability.
Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection
The design, implementation, and evaluation of COSMOS are presented, a context-aware mediation system that bridges the semantic gap between foreground interaction and background access, in order to protect system integrity and user privacy.
Automatic Permission Optimization Framework for Privacy Enhancement of Mobile Applications
An automatic permission optimization framework, Permizer, is proposed to recommend different app permission configurations to users with different privacy preferences and is the first module to achieve a balance between privacy protection and app functionality under the personal privacy preference condition.
Predicting Users Mobile App Privacy Preferences
A major contribution of this work is to utilise different machine learning techniques for assigning users to the privacy profiles that most closely capture their privacy preferences, which indicates that it is possible to predict many of a user’s mobile app privacy preferences by asking the user a small number of questions.
Prediction of Mobile App Privacy Preferences with User Profiles via Federated Learning
This paper proposes a methodology to build privacy profiles and train neural networks for prediction of privacy decisions, while guaranteeing user privacy, even against a centralized server.
Bayesian Evaluation of User App Choices in the Presence of Risk Communication on Android Devices
This work focuses on the realm of the mobile marketplace, examining how risk indicators can help people choose more secure and privacy-preserving apps, and includes an explicit argument for the role of human decision-making during app selection.
IAC: On the Feasibility of Utilizing Neural Signals for Access Control
This work explores the feasibility of a novel approach to enforcing context integrity: inferring from users' neural signals what task they want to do under the given context, then automatically authorizing access to a predefined set of sensitive resources that are necessary for that task.


Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions
A field study in which a Personalized Privacy Assistant (PPA) was implemented and evaluated with participants using their own Android devices, and it is found that 78.7% of the recommendations made by the PPA were adopted by users.
Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?
A study analyzing people's privacy preferences when it comes to granting permissions to different mobile apps suggests that, while people's mobile app privacy preferences are diverse, a relatively small number of profiles can be identified that offer the promise of significantly simplifying the decisions mobile users have to make.
ConXsense: automated context classification for context-aware access control
ConXsense is presented, the first framework for context-aware access control on mobile devices based on context classification, which utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties.
Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings
It is shown that, while people’s mobile app privacy preferences are diverse, it is possible to identify a small number of privacy profiles that collectively do a good job at capturing these diverse preferences.
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications
Two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated are examined, finding that they can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications.
Taming Information-Stealing Smartphone Applications (on Android)
A system called TISSA is developed that implements a new privacy mode in smartphones that can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application.
ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing
A novel crowdsourced recommendation engine driven by users who contribute their protection decisions, which provides app-specific privacy recommendations, and shows the effectiveness of its recommendation engine with users accepting 67.1% of all recommendations provided to them, thereby helping them make informed privacy choices.
Asking for (and about) permissions used by Android apps
This work analyzes about 10,000 free apps from popular Android markets and finds a significant sub-linear relationship between the popularity of a permission and the number of times it is misused, and studies the relationship between permission use and the number of questions about the permission on StackOverflow.
How to Ask for Permission
A set of guidelines is proposed to aid platform designers in determining the most appropriate permission-granting mechanism for a given permission, and a preliminary evaluation indicates that this model will reduce the number of warnings presented to users, thereby reducing habituation effects.
Apps permissions in the Google Play Store
A newly released Pew Research Center survey from February 2015 finds that users place significant emphasis on how much information their apps collect from them.