nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Decision Support for Mobile App Selection via Automated Privacy Assessment

verfasst von : Jens Wettlaufer, Hervais Simo

Erschienen in: Privacy and Identity Management. Data for Better Living: AI and Privacy

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Mobile apps have entered many areas of our everyday life through smartphones, smart TVs, smart cars, and smart homes. They facilitate daily routines and provide entertainment, while requiring access to sensitive data such as private end user data, e.g., contacts or photo gallery, and various persistent device identifiers, e.g., IMEI. Unfortunately, most mobile users neither pay attention nor fully understand privacy indicating factors that could expose malicious apps. We introduce APPA (Automated aPp Privacy Assessment), a technical tool to assist mobile users making privacy-enhanced app installation decisions. Given a set of empirically validated and publicly available factors which app users typically consider at install-time, APPA creates an output in form of a personalized privacy score. The score indicates the level of privacy safety of the given app integrating three different privacy perspectives. First, an analysis of app permissions determines the degree of privateness preservation after an installation. Second, user reviews are assessed to inform about the privacy-to-functionality trade-off by comparing the sentiment of privacy and functionality related reviews. Third, app privacy policies are analyzed with respect to their legal compliance with the European General Data Protection Regulation (GDPR). While the permissions based score introduces capabilities to filter over-privileged apps, privacy and functionality related reviews are classified with an average accuracy of 79%. As proof of concept, the APPA framework demonstrates the feasibility of user-centric tools to enhance transparency and informed consent as early as during the app selection phase.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

Nächstes Kapitel Tool-Assisted Risk Analysis for Data Protection Impact Assessment

https://developer.android.com/reference/android/net/VpnService.html.

https://www.appcensus.mobi/.

http://privacygrade.org/.

AppCensus: Appcensus app search (2019). https://search.appcensus.io/. Accessed 20 July 2019

Belica, M.: jusText 2.2.0. Python Software Foundation. https://pypi.org/project/jusText/. Accessed 21 Apr 2019

Board, T.E.: Opinion: how silicon valley puts the ‘con’ in consent, February 2019. https://www.nytimes.com/2019/02/02/opinion/internet-facebook-google-consent.html. Accessed 20 July 2019

Brandtzaeg, P.B., Pultier, A., Moen, G.M.: Losing control to data-hungry apps - a mixed-methods approach to mobile app privacy. Soc. Sci. Comput. Rev. 37, 466–488 (2018)CrossRef

Chin, E., Felt, A.P., Sekar, V., Wagner, D.: Measuring user confidence in smartphone security and privacy. In: Proceedings of the Eighth Symposium on Usable Privacy and Security (2012)

Choe, E.K., Jung, J., Lee, B., Fisher, K.: Nudging people away from privacy-invasive mobile apps through visual framing. In: Kotzé, P., Marsden, G., Lindgaard, G., Wesson, J., Winckler, M. (eds.) INTERACT 2013. LNCS, vol. 8119, pp. 74–91. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40477-1_5CrossRef

Chong, I., Ge, H., Li, N., Proctor, R.W.: Influence of privacy priming and security framing on android app selection. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting (2017)

deanmalmgren: textract. GitHub.com (2014). https://textract.readthedocs.io/en/stable/. Accessed 23 Feb 2019

Dogruel, L., Joeckel, S., Bowman, N.D.: Choosing the right app: an exploratory perspective on heuristic decision processes for smartphone app selection. Mob. Media Commun. 3, 125–144 (2014)CrossRef

10.

European Parliament and Council of the European Union: Regulation (EU) 2016/679 (general data protection regulation). Official Journal of the European Union, May 2018. https://eur-lex.europa.eu/eli/reg/2016/679/2016-05-04. Accessed 06 May 2019

11.

Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: SOUPS. ACM (2012)

12.

Fogg, B.J., Iizawa, D.: Online persuasion in Facebook and Mixi: a cross-cultural comparison. In: Oinas-Kukkonen, H., Hasle, P., Harjumaa, M., Segerståhl, K., Øhrstrøm, P. (eds.) PERSUASIVE 2008. LNCS, vol. 5033, pp. 35–46. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68504-3_4CrossRef

13.

Gorla, A., Tavecchia, I., Gross, F., Zeller, A.: CHABADA: checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering - ICSE 2014. ACM Press (2014)

14.

Gu, J., Xu, Y.C., Xu, H., Zhang, C., Ling, H.: Privacy concerns for mobile app download: an elaboration likelihood model perspective. Decis. Support Syst. 94, 19–28 (2017)CrossRef

15.

Habib, S.M., Alexopoulos, N., Islam, M.M., Heider, J., Marsh, S., Müehlhäeuser, M.: Trust4App: automating trustworthiness assessment of mobile applications. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), pp. 124–135, August 2018

16.

Hansen, M.: Data protection by design and by default à la European general data protection regulation. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 27–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-55783-0_3CrossRef

17.

Harkous, H., Fawaz, K., Lebret, R., Schaub, F., Shin, K.G., Aberer, K.: Polisis: automated analysis and presentation of privacy policies using deep learning. CoRR (2018)

18.

Harris, M., Brookshire, R., Patten, K., Regan, E.: Mobile application installation influences: have mobile device users become desensitized to excessive permission requests? In: Americas Conference on Information Systems (2015)

19.

Harris, M.A., Brookshire, R., Chin, A.G.: Identifying factors influencing consumers’ intent to install mobile applications. Int. J. Inf. Manag. 36, 441–450 (2016)CrossRef

20.

Hatamian, M., Momen, N., Fritsch, L., Rannenberg, K.: A multilateral privacy impact analysis method for android apps. In: Naldi, M., Italiano, G.F., Rannenberg, K., Medina, M., Bourka, A. (eds.) APF 2019. LNCS, vol. 11498, pp. 87–106. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21752-5_7CrossRef

21.

Hong, J.: Privacygrade: grading the privacy of smartphone apps (2014). http://privacygrade.org/home. Accessed 20 July 2019

22.

Kelley, P.G., Cranor, L.F., Sadeh, N.: Privacy as part of the app decision-making process. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2013)

23.

Kesswani, N., Lyu, H., Zhang, Z.: Analyzing android app privacy with GP-PP model. IEEE Access 6, 39541–39546 (2018)CrossRef

24.

Knijnenburg, B.: A user-tailored approach to privacy decision support. Master’s thesis, University of California, Irvine, July 2015. http://www.ics.uci.edu/~kobsa/phds/knijnenburg.pdf

25.

Kulyk, O., Gerber, P., Marky, K., Beckmann, C., Volkamer, M.: Does this app respect my privacy? Design and evaluation of information materials supporting privacy-related decisions of smartphone users. In: NDSS Symposium 2018 (USEC), San Diego, CA, 18–21 February 2019 (2019)

26.

Lim, S.L., Bentley, P.J., Kanakam, N., Ishikawa, F., Honiden, S.: Investigating country differences in mobile app user behavior and challenges for software engineering. IEEE Trans. Softw. Eng. 41, 40–64 (2015). http://www0.cs.ucl.ac.uk/staff/S.Lim/app_user_survey/CrossRef

27.

Liu, B., et al.: Follow my recommendations: a personalized privacy assistant for mobile app permissions. In: 12th Symposium on Usable Privacy and Security 2016. USENIX Association, Denver (2016)

28.

Liu, B., Kong, D., Cen, L., Gong, N.Z., Jin, H., Xiong, H.: Personalized mobile app recommendation: reconciling app functionality and user privacy preference. In: Proceedings of the Eighth ACM International Conference on Web Search and Data Mining, WSDM 2015, ACM, New York (2015)

29.

Liu, B., Lin, J., Sadeh, N.: Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help? In: Proceedings of the 23rd International Conference on World Wide Web (2014)

30.

Meineck, S.: Komplizierter als Kant: Nerd erstellt Ranking der furchtbarsten AGB (2019). https://www.vice.com/de/article/5974vb/datenschutz-ranking-der-schlimmsten-agb-facebook-airbnb-google-dsgvo. Accessed 28 July 2019

31.

Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in android: a user-centric approach. In: Risk Assessment and Risk-Driven Testing (2014)

32.

Urcuqui, C., Navarro, A.: Dataset malware/beningn permissions android (2016). https://doi.org/10.21227/H26P4M

33.

Ng, A.: More than 1,000 android apps harvest data even after you deny permissions (2019). https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/. Accessed 20 July 2019

34.

Nguyen, D.C., Derr, E., Backes, M., Bugiel, S.: Short text, large effect: measuring the impact of user reviews on android app security & privacy. In: Proceedings of the IEEE Symposium on Security & Privacy. IEEE, May 2019

35.

Qu, Z., Rastogi, V., Zhang, X., Chen, Y., Zhu, T., Chen, Z.: AutoCog: measuring the description-to-permission fidelity in android applications. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS 2014. ACM Press (2014). https://doi.org/10.1145/2660267.2660287

36.

Rajivan, P., Camp, J.: Influence of privacy attitude and privacy cue framing on android app choices. In: 12th Symposium on Usable Privacy and Security (2016)

37.

Reardon, J., Feal, Á., Wijesekera, P., On, A.E.B., Vallina-Rodriguez, N., Egelman, S.: 50 ways to leak your data: an exploration of apps’ circumvention of the android permissions system. In: 28th USENIX Security Symposium (2019)

38.

Robillard, J.M., et al.: Availability, readability, and content of privacy policies and terms of agreements of mental health apps. Internet Interv. 17, 100243 (2019)CrossRef

39.

State of California Department of Justice: Privacy laws. State of California Department of Justice (2003). https://oag.ca.gov/privacy/privacy-laws. Accessed 06 May 2019

40.

The Realtime Report: how appification is transforming the internet (2017). https://therealtimereport.com/2017/11/01/appification-transforming-internet/. Accessed 26 July 2019

41.

Thelwall, M., Buckley, K., Paltoglou, G., Cai, D., Kappas, A.: Sentiment strength detection in short informal text. J. Am. Soc. Inf. Sci. Technol. 61, 2544–2558 (2010)CrossRef

42.

Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: ACL (2016)

43.

Wottrich, V.M., van Reijmersdal, E.A., Smit, E.G.: The privacy trade-off for mobile app downloads: the roles of app value, intrusiveness, and privacy concerns. Decis. Support Syst. 106, 44–52 (2017)CrossRef

44.

Yin, S.: What can a zero-permissions android app do? April 2012. http://securitywatch.pcmag.com/none/296635-what-can-a-zero-permissions-android-app-do. Accessed 16 June 2019

45.

Zhang, B., Xu, H.: Privacy nudges for mobile applications: effects on the creepiness emotion and privacy attitudes. In: Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing - CSCW 2016 (2016)

46.

Zimmeck, S., et al.: Automated analysis of privacy requirements for mobile apps. In: The 2016 AAAI Fall Symposium Series: Privacy and Language Technologies (2016)

Titel: Decision Support for Mobile App Selection via Automated Privacy Assessment
verfasst von: Jens Wettlaufer
Hervais Simo
Verlag: Springer International Publishing
Buch: Privacy and Identity Management. Data for Better Living: AI and Privacy
Print ISBN: 978-3-030-42503-6

Electronic ISBN: 978-3-030-42504-3

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-42504-3_19

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"