Advertisement

“It’s Shocking!": Analysing the Impact and Reactions to the A3: Android Apps Behaviour Analyser

  • Majid Hatamian
  • Agnieszka Kitkowska
  • Jana Korunovska
  • Sabrina Kirrane
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10980)

Abstract

The lack of privacy awareness in smartphone ecosystems prevents users from being able to compare apps in terms of privacy and from making informed privacy decisions. In this paper we analysed smartphone users’ privacy perceptions and concerns based on a novel privacy enhancing tool called Android Apps Behaviour Analyser (A3). The A3 tool enables user to behaviourally analyse the privacy aspects of their installed apps and notifies about potential privacy invasive activities. To examine the capabilities of A3 we designed a user study. We captured and contrasted privacy concern and perception of 52 participants, before and after using our tool. The results showed that A3 enables users to easily detect their smartphone app’s privacy violation activities. Further, we found that there is a significant difference between users’ privacy concern and expectation before and after using A3 and the majority of them were surprised to learn how often their installed apps access personal resources. Overall, we observed that the A3 tool was capable to influence the participants’ attitude towards protecting their privacy.

Keywords

Smartphone ecosystems Android Privacy Permission Privacy concern Privacy behaviour 

References

  1. 1.
    Gilbert, P., Chun, B.G., Cox, L., Jung, J.: Automating privacy testing of smartphone applications. Technical report CS-2011-02, Duke University (2011)Google Scholar
  2. 2.
    Raad, E., Chbeir, R.: Privacy in online social networks. In: Chbeir, R., Bouna, B.A. (eds.) Security and Privacy Preserving in Social Networks. LNSN, pp. 3–45. Springer, Vienna (2013).  https://doi.org/10.1007/978-3-7091-0894-9_1CrossRefGoogle Scholar
  3. 3.
    Razeghi, B., Voloshynovskiy, S.: Privacy-preserving outsourced media search using secure sparse ternary codes. In: Proceedings of IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Calgary, Canada, pp. 1–5 (2018)Google Scholar
  4. 4.
    Razeghi, B., Voloshynovskiy, S., Kostadinov, D., Taran, O.: Privacy preserving identification using sparse approximation with ambiguization. In: Proceedings of IEEE International Workshop on Information Forensics and Security (WIFS), Rennes, France, pp. 1–6 (2017)Google Scholar
  5. 5.
    Number of apps available in leading app stores. https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/. Accessed 5 Apr 2018
  6. 6.
    Number of mobile app downloads worldwide in 2016, 2017 and 2021. https://www.statista.com/statistics/271644/worldwide-free-and-paid-mobile-app-store-downloads/. Accessed 5 April 2018
  7. 7.
    eMarketer unveils new estimates for mobile app usage. https://www.emarketer.com/Article/eMarketer-Unveils-New-Estimates-Mobile-App-Usage/1015611. Accessed 5 Apr 2018
  8. 8.
    Report: Smartphone owners are using 9 apps per day, 30 per month. https://techcrunch.com/2017/05/04/report-smartphone-owners-are-using-9-apps-per-day-30-per-month/. Accessed 5 Apr 2018
  9. 9.
    More time on Internet through smartphones than PCs. https://marketingland.com/nielsen-time-accessing-internet-smartphones-pcs-73683. Accessed 5 Apr 2018
  10. 10.
    Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of ACM Conference on Ubiquitous Computing (UbiComp 2012), Pittsburgh, Pennsylvania, USA, pp. 501–510 (2012)Google Scholar
  11. 11.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the 8th ACM Symposium on Usable Privacy and Security (SOUPS 2012), pp. 1–3, New York, NY, USA (2012)Google Scholar
  12. 12.
    Felt, A.P., Egelman, S., Wagner, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2012), pp. 33–44, New York, NY, USA (2012)Google Scholar
  13. 13.
    Solove, D.J.: Nothing to Hide: The False Tradeoff between Privacy and Security. Yale University Press, London (2011)Google Scholar
  14. 14.
    Your apps are watching you. https://www.wsj.com/articles/SB10001424052748704694004576020083703574602. Accessed 5 Apr 2018
  15. 15.
    Appthority exposes security and privacy risk behind top 400 mobile apps. https://www.appthority.com/company/press/press-releases/appthority-exposes-security-and-privacy-risks-behind-top-400-mobile-apps/. Accessed 5 Apr 2018
  16. 16.
    Chia, P.H., Yamamoto, Y., Asokan, N.: Is this app safe? A large scale study on application permissions and risk signals. In: Proceedings of the 21st International Conference on World Wide Web, pp. 311–320, Lyon, France (2012)Google Scholar
  17. 17.
    Kelley, P.G., Benisch, M., Cranor, L.F., Sadeh, N.: When are users comfortable sharing locations with advertisers? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2449–2452, Vancouver, BC, Canada (2011)Google Scholar
  18. 18.
    Chin, E., Felt, A.P., Sekar, V., Wagner, D.: Measuring user confidence in smartphone security and privacy. In: Proceedings of the 8th Symposium on Usable Privacy and Security, Washington, D.C., USA, Article No. 1 (2012)Google Scholar
  19. 19.
    Amini, S.: Analyzing mobile app privacy using computation and crowdsourcing. In: Proceedings of the ACM Conference on Ubiquitous Computing, Ph.D. dissertation (2014)Google Scholar
  20. 20.
    Amini, S., Lin, J., Hong, J.I., Lindqvist, J., Zhang, J.: Mobile application evaluation using automation and crowdsourcing. In: Proceedings of the Workshop on Privacy Enhancing Tools (2013)Google Scholar
  21. 21.
    Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: Proceedings of the 24th USENIX Security Symposium, pp. 499–514, Washington, D.C., USA (2015)Google Scholar
  22. 22.
    Crager, K., Maiti, A., Jadliwala, M., He, J.: Information leakage through mobile motion sensors: user awareness and concerns. In: Proceedings of the 2nd European Workshop on Usable Security, pp. 1–15, Paris, France (2017)Google Scholar
  23. 23.
    Brown, B.: Studying the Internet experience, HP Laboratories Technical report HPL (2001). http://shiftleft.com/mirrors/www.hpl.hp.com/techreports/2001/HPL-2001-49.pdf
  24. 24.
    Norberg, P.A., Horne, D.R., Horne, D.A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Consum. Aff. 41(1), 100–126 (2007)CrossRefGoogle Scholar
  25. 25.
    Acquisti, A., Taylor, C.R., Wagman, L.: The economics of privacy. J. Econ. Lit. 54(2), 442–492 (2016)CrossRefGoogle Scholar
  26. 26.
    Google removes vital privacy feature from Android, claiming its release was accidental. https://www.eff.org/deeplinks/2013/12/google-removes-vital-privacy-features-android-shortly-after-adding-them/. Accessed 17 July 2016
  27. 27.
    Hatamian, M., Serna-Olvera, J.: Beacon alarming: informed decision-making supporter and privacy risk analyser in Smartphone applications. In: Proceedings of the IEEE International Conference on Consumer Electronics (ICCE), pp. 468–471, Las Vegas, NV, USA (2017)Google Scholar
  28. 28.
    Hatamian, M., Serna, J., Rannenberg, K., Igler, B.: FAIR: fuzzy alarming index rule for privacy analysis in smartphone apps. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds.) TrustBus 2017. LNCS, vol. 10442, pp. 3–18. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-64483-7_1CrossRefGoogle Scholar
  29. 29.
    Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union, vol. 59 (2016)Google Scholar
  30. 30.
    Aldhafferi, N., Watson, C., Sajeev, A.S.M.: Personal information privacy settings of online social networks and their suitability for mobile internet devices. Int. J. Secur. Priv. Trust Manag. 2(2), 1–17 (2013)CrossRefGoogle Scholar
  31. 31.
    Rao, A., Schaub, F., Sadeh, N., Acquisti, A., Kang, R.: Expecting the unexpected: understanding mismatched privacy expectations online. In: Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS), pp. 77–96, Denver, CO, USA (2016)Google Scholar
  32. 32.
    Likert, R.: A technique for the measurement of attitudes. Arch. Psychol. 22, 5–55 (1932)Google Scholar
  33. 33.
    Gliem, J.A., Gliem, R.R.: Calculating, interpreting, and reporting Cronbach’s alpha reliability coefficient for likert-type scales. In: Proceedings of Midwest Research to Practice Conference in Adult, Continuing, and Community Education, Columbus, Ohio, USA, pp. 82–88 (2003)Google Scholar
  34. 34.
    Field, A., Miles, J., Field, Z.: Discovering Statistics Using SPSS. Sage Publications Ltd., Thousand Oaks (2013)zbMATHGoogle Scholar
  35. 35.
    Greene, J., D’Oliveira, M.: Learning to Use Statistical Tests in Psychology. Open University Press, Milton Keynes (2005)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Majid Hatamian
    • 1
  • Agnieszka Kitkowska
    • 2
  • Jana Korunovska
    • 3
  • Sabrina Kirrane
    • 3
  1. 1.Chair of Mobile Business and Multilateral SecurityGoethe University FrankfurtFrankfurt am MainGermany
  2. 2.Karlstad UniversityKarlstadSweden
  3. 3.Vienna University of Business and EconomicsViennaAustria

Personalised recommendations