PriWe: Recommendation for Privacy Settings of Mobile Apps Based on Crowdsourced Users' Expectations

Privacy is a pivotal issue of mobile apps because there is a plethora of personal and sensitive information in smartphones. Various mechanisms and tools are proposed to detect and mitigate privacy leaks. However, they rarely consider users' preferences and expectations. Users hold various expectations towards different mobile apps. For example, users can allow a social app to access their photos rather than a game app because it is beyond users' expectation when an entertainment app gets the personal photos. Therefore, we believe it is vital to understand users' privacy expectations to various mobile apps and help them to mitigate privacy risks in the smartphone accordingly. To achieve this objective, we propose and implement PriWe, a system based on crowd sourcing driven by users who contribute privacy permission settings of their apps in smartphones. PriWe leverages the crowd sourced permission settings to understand users' privacy expectation and provides app specific recommendations to mitigate information leakage. We deployed PriWe in the real world for evaluation. According to the feedbacks of 78 users from the real world and 382 participants from Amazon Mechanical Turk, PriWe can make proper recommendations which can meet participants' privacy expectation and are mostly accepted by users, thereby help them to mitigate privacy disclosure in smartphones.

[1]  Jun Wang,et al.  On Combining User-based and Item-based Collaborative Filtering Approaches , 2006 .

[2]  John Riedl,et al.  An Algorithmic Framework for Performing Collaborative Filtering , 1999, SIGIR Forum.

[3]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[4]  Stefan Kraxberger,et al.  Android Security Permissions - Can We Trust Them? , 2011, MobiSec.

[5]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[6]  Christopher Krügel,et al.  Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications , 2014, NDSS.

[7]  David J. Danelski,et al.  Privacy and Freedom , 1968 .

[8]  Zinaida Benenson,et al.  Android and iOS users' differences concerning security and privacy , 2013, CHI Extended Abstracts.

[9]  Yajin Zhou,et al.  A Survey of Android Malware , 2013 .

[10]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[11]  Jacques Klein,et al.  Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android , 2014, IEEE Transactions on Software Engineering.

[12]  Wendy E. Mackay,et al.  CHI '13 Extended Abstracts on Human Factors in Computing Systems , 2013, CHI 2013.

[13]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[14]  Robert Boguslaw,et al.  Privacy and Freedom , 1968 .

[15]  Jun Wang,et al.  Unifying user-based and item-based collaborative filtering approaches by similarity fusion , 2006, SIGIR.

[16]  Kim-Kwang Raymond Choo,et al.  Enhancing User Privacy on Android Mobile Devices via Permissions Removal , 2014, 2014 47th Hawaii International Conference on System Sciences.

[17]  Byung-Gon Chun,et al.  TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones , 2014, Commun. ACM.

[18]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[19]  Yajin Zhou,et al.  Detecting Passive Content Leaks and Pollution in Android Applications , 2013, NDSS.

[20]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[21]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .