You Can't Always Get What You Want: Towards User-Controlled Privacy on Android

@article{Caputo2021YouCA,
  title={You Can't Always Get What You Want: Towards User-Controlled Privacy on Android},
  author={David J. Caputo and Francesco Pagano and Giovanni Bottino and Luca Verderame and Alessio Merlo},
  journal={IEEE Transactions on Dependable and Secure Computing},
  year={2021},
  volume={20},
  pages={975-987}
}
Mobile applications (hereafter, apps) collect a plethora of information regarding the user behavior and his device through third-party analytics libraries. However, the collection and usage of such data raised several privacy concerns, mainly because the end-user - i.e., the actual owner of the data - is out of the loop in this collection process. Also, the existing privacy-enhanced solutions that emerged in the last years follow an "all or nothing" approach, leaving the user the sole option to…

Intent-Aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

The proposed Intent-aware permission architecture extends the current Android permission model with a precise mechanism for full disclosure of purpose and scope limitation, and has the potential to improve trust between end-users and developers.

References


On the (Un)Reliability of Privacy Policies in Android Apps

It is suggested that more than 95% of apps access user’s privacy-sensitive information, but just a negligible subset of them fully complies with the Google Play privacy guidelines.

PRIVAID: Differentially-Private Event Frequency Analysis for Google Analytics in Android Apps

This proposal employs differential privacy (DP), a powerful and rigorous privacy definition and algorithmic framework that perturbs the results of a data analysis in order to achieve a quantifiable notion of privacy, and develops an instance of PRIVAID for DP collection of event frequency information in apps that use the popular Google Analytics framework.

Investigating User Privacy in Android Ad Libraries

This work examines the effect on user privacy of thirteen popular Android ad providers by reviewing their use of permissions, and discovers the insecure use of Android’s JavaScript extension mechanism in several ad libraries.

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Automated methods to detect third-party advertising and tracking services at the traffic level are developed and the business relationships between the providers of these services are uncovered, revealing them by their prevalence in the mobile and Web ecosystem.

Introducing Differential Privacy Mechanisms for Mobile App Analytics of Dynamic Content

This work designs a differentially-private solution for mobile app analytics that keeps privacy logic separate from the app code, and uses code rewriting to automate the introduction and evolution of privacy-related code.

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

This work empirically evaluates the validity of the assumption that paying for apps could offer consumers protection from behavioral advertising and long-term tracking by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps.

How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?

A semiautomated approach, Privacy-Aware Analytics Misconfiguration Detector (PAMDroid), is developed, which enables the empirical study on misconfigurations of analytic services, in which 1,000 popular apps using top analytic services are described.

Introducing Privacy in Screen Event Frequency Analysis for Android Apps

This work develops the automated app code analysis, code rewriting, and run-time processing needed to deploy the proposed DP solution, and demonstrates that high accuracy and practical cost can be achieved by the developed privacy-preserving screen event frequency analysis.

Dynamic Privacy Leakage Analysis of Android Third-Party Libraries

This paper identifies three types of privacy leakage path inside apps, and finds that third-party libraries' access to privacy information accounts for the largest proportion, and that most third-party libraries have direct network connections; the corresponding flows are inspected to validate the privacy leakage risk.

An Analysis of Pre-installed Android Software

The first large-scale study of pre-installed software on Android devices from more than 200 vendors is presented, based on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods, with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.
...