Abstract
Applications are invading our devices, whether in our phones, computers and TVs or in our cars, appliances and cameras. While providing great benefits in terms of added functionalities and customization, these applications also put a lot of pressure on our privacy. In order to offer their services, these applications need access to data stored on the devices or captured by various sensors. Currently, all systems have implemented a permissions-based framework for granting access to various data, based on the requests made by the applications. However, it is difficult for most users to make informed decisions when they are asked to grant this access. In this paper, we present a paradigm shift from a permissions framework to a functionalities framework. We show that users are consistent in understanding the functionalities offered by applications, and we propose an ontology for bridging the gap between understandable functionalities and technical permissions.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
De Santo, A., Quiquerez, B., Gaspoz, C. (2016). Functionalities as Superior Predictor of Applications Privacy Threats. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Mendonça Teixeira, M. (eds) New Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 444. Springer, Cham. https://doi.org/10.1007/978-3-319-31232-3_25
DOI: https://doi.org/10.1007/978-3-319-31232-3_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31231-6
Online ISBN: 978-3-319-31232-3
eBook Packages: Engineering, Engineering (R0)