FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10442)

Abstract

In this paper, we introduce an approach that aims at increasing individuals’ privacy awareness. We perform a privacy risk assessment of the smartphone applications (apps) installed on a user’s device. We implemented an app behaviour monitoring tool that collects information about access to sensitive resources by each installed app. We then calculate a privacy risk score using a fuzzy logic based approach that considers type, number and frequency of access on resources. The combination of these two concepts provides the user with information about the privacy invasiveness level of the monitored apps. Our approach enables users to make informed privacy decisions, i.e. restrict permissions or report an app based on resource access events. We evaluate our approach by analysing the behaviour of selected apps and calculating their associated privacy score. Initial results demonstrate the applicability of our approach, which allows the comparison of apps by reporting to the user the detected events and the resulting privacy risk score.

Acknowledgments

The authors would like to thank: A. Paterno, D. Mattes, D. Wowniuk, M. Duchmann, M. Krapp, and R. Dieges for providing the app. This research work has received funding from the H2020 Marie Skłodowska-Curie EU project “Privacy&Us” under the grant agreement No. 675730.

Corresponding author

Correspondence to Majid Hatamian.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hatamian, M., Serna, J., Rannenberg, K., Igler, B. (2017). FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_1

  • DOI: https://doi.org/10.1007/978-3-319-64483-7_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64482-0

  • Online ISBN: 978-3-319-64483-7

  • eBook Packages: Computer Science (R0)
