Abstract
In this paper, we introduce an approach that aims at increasing individuals’ privacy awareness. We perform a privacy risk assessment of the smartphone applications (apps) installed on a user’s device. We implemented an app behaviour monitoring tool that collects information about each installed app’s access to sensitive resources. We then calculate a privacy risk score using a fuzzy-logic-based approach that considers the type, number and frequency of accesses to resources. The combination of these two concepts provides the user with information about the privacy invasiveness level of the monitored apps. Our approach enables users to make informed privacy decisions, i.e., to restrict permissions or report an app based on resource access events. We evaluate our approach by analysing the behaviour of selected apps and calculating their associated privacy scores. Initial results demonstrate the applicability of our approach, which allows apps to be compared by reporting to the user the detected events and the resulting privacy risk score.
Acknowledgments
The authors would like to thank: A. Paterno, D. Mattes, D. Wowniuk, M. Duchmann, M. Krapp, and R. Dieges for providing the app. This research work has received funding from the H2020 Marie Skłodowska-Curie EU project “Privacy&Us” under the grant agreement No. 675730.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Hatamian, M., Serna, J., Rannenberg, K., Igler, B. (2017). FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_1
DOI: https://doi.org/10.1007/978-3-319-64483-7_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64482-0
Online ISBN: 978-3-319-64483-7
eBook Packages: Computer Science, Computer Science (R0)