Functionalities as Superior Predictor of Applications Privacy Threats

  • Conference paper
New Advances in Information Systems and Technologies

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 444)

Abstract

Applications are invading our devices, whether in our phones, computers and TVs or in our cars, appliances and cameras. While providing great benefits in terms of added functionalities and customization, these applications also put a lot of pressure on our privacy. In order to offer their services, these applications need access to data stored on the devices or captured by various sensors. Currently, all systems have implemented a permissions-based framework for granting access to various data, based on the requests made by the applications. However, it is difficult for most users to make informed decisions when they are asked to grant these accesses. In this paper, we present a paradigm shift from a permissions framework to a functionalities framework. We show that users are consistent in understanding the functionalities offered by applications, and we propose an ontology for bridging the gap between understandable functionalities and technical permissions.

Author information

Corresponding authors

Correspondence to Alessio De Santo, Brice Quiquerez or Cédric Gaspoz.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

De Santo, A., Quiquerez, B., Gaspoz, C. (2016). Functionalities as Superior Predictor of Applications Privacy Threats. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Mendonça Teixeira, M. (eds) New Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 444. Springer, Cham. https://doi.org/10.1007/978-3-319-31232-3_25

  • DOI: https://doi.org/10.1007/978-3-319-31232-3_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31231-6

  • Online ISBN: 978-3-319-31232-3

  • eBook Packages: Engineering, Engineering (R0)
