SCIENTIA SINICA Informationis, Volume 51, Issue 7: 1100 (2021) https://doi.org/10.1360/SSI-2020-0039

Privacy risk quantification of mobile application based on requested permissions

  • Received: Mar 2, 2020
  • Accepted: Jul 13, 2020
  • Published: Jun 7, 2021

Abstract


Funded by

National Natural Science Foundation of China (61941121, 91846204)


Supplement

Tables S1–S4.

