You Can't Always Get What You Want: Towards User-Controlled Privacy on Android

  title={You Can't Always Get What You Want: Towards User-Controlled Privacy on Android},
  author={David J. Caputo and Francesco Pagano and Giovanni Bottino and Luca Verderame and Alessio Merlo},
  journal={IEEE Transactions on Dependable and Secure Computing},
Mobile applications (hereafter, apps) collect a plethora of information regarding the user behavior and his device through third-party analytics libraries. However, the collection and usage of such data raised several privacy concerns, mainly because the end-user - i.e., the actual owner of the data - is out of the loop in this collection process. Also, the existing privacy-enhanced solutions that emerged in the last years follow an ”all or nothing” approach, leaving the user the sole option to… 

Intent-Aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

The proposed Intent-aware permission architecture extends the current Android permission model with a precise mechanism for full disclosure of purpose and scope limitation, and has the potential to improve trust between end-users and developers.



On the (Un)Reliability of Privacy Policies in Android Apps

It is suggested that more than 95% of apps access user’s privacy-sensitive information, but just a negligible subset of them fully complies with the Google Play privacy guidelines.

PRIVAID: Differentially-Private Event Frequency Analysis for Google Analytics in Android Apps

This proposal employs differential privacy (DP), a powerful and rigorous privacy definition and algorithmic framework that perturbs the results of a data analysis in order to achieve a quantifiable notion of privacy, and develops an instance of PRIVAID for DP collection of event frequency information in apps that use the popular Google Analytics framework.

Investigating User Privacy in Android Ad Libraries

This work examines the effect on user privacy of thirteen popular Android ad providers by reviewing their use of permissions, and discovers the insecure use of Android’s JavaScript extension mechanism in several ad libraries.

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

An automated methods to detect third-party advertising and tracking services at the traffic level are developed and the business relationships between the providers of these services are uncovered, revealing them by their prevalence in the mobile and Web ecosystem.

Introducing Differential Privacy Mechanisms for Mobile App Analytics of Dynamic Content

This work designs a differentially-private solution for mobile app analytics that keeps privacy logic separate from the app code, and uses code rewriting to automate the introduction and evolution of privacy-related code.

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

This work empirically evaluates the validity of this assumption that paying for apps could offer consumers protection from behavioral advertising and long-term tracking by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps.

How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?

A semiautomated approach, Privacy-Aware Analytics Misconfiguration Detector (PAMDroid), is developed, which enables the empirical study on mis-configurations of analytic services, in which 1,000 popular apps using top analytic services are described.

Introducing Privacy in Screen Event Frequency Analysis for Android Apps

This work develops the automated app code analysis, code rewriting, and run-time processing needed to deploy the proposed DP solution, and demonstrates that high accuracy and practical cost can be achieved by the developed privacy-preserving screen event frequency analysis.

Dynamic Privacy Leakage Analysis of Android Third-Party Libraries

This paper identifies three types of privacy leakage path inside apps, and finds the third-party libraries access to privacy information account for the largest proportion, and most of third- party libraries have direct network connections and the correspondent flows are inspected to validate the privacy leakage risk.

An Analysis of Pre-installed Android Software

The first large- scale study of pre-installed software on Android devices from more than 200 vendors is presented, based on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods, with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.