Quantum Game Analysis of Privacy-Leakage for Application Ecosystems

Personalized applications often provide their functionality by extracting sensitive data from users. Such a strategy brings potential threats to users' privacy because malicious applications may sell users' sensitive data to third-parties for economic interests. The state-of-the-art literature addresses the privacy issue mainly from a technical perspective. In this paper, we take a different angle in which the main players involving privacy leakage are studied from a connected perspective rather than an isolated one. More specifically, we propose the concept of application ecosystem, which consists of user, application, and adversary (malicious third-party) as entities. Our aim is to analyze the tension forces inside the application ecosystem and their impacts on the behavior of each player, which can serve as a theoretical basis for designing effective and efficient privacy preservation solutions from a management level. Another outstanding trait of our analysis is the adoption of quantum game theory to model the application ecosystem, which is suitable because the important property of entanglement in quantum games can be employed to well depict the inner tension forces among the user, application, and adversary. This makes us take an important step towards understanding the complexity of decision-making from rational individuals. To the best of our knowledge, we are the first to quantize the privacy leakage issue. The simulation results quantitatively demonstrate how the mutual restrictions among all players determine their strategies and hence the development of the application ecosystem.

[1]  Suman Nath,et al.  MaskIt: privately releasing user context streams for personalized mobile applications , 2012, SIGMOD Conference.

[2]  Shengling Wang,et al.  Extensive Form Game Analysis Based on Context Privacy Preservation for Smart Phone Applications , 2016, WASA.

[3]  Elisa Bertino,et al.  Privacy-Preserving and Content-Protecting Location Based Queries , 2014, IEEE Trans. Knowl. Data Eng..

[4]  Kalyanmoy Deb,et al.  A fast and elitist multiobjective genetic algorithm: NSGA-II , 2002, IEEE Trans. Evol. Comput..

[5]  Paul Glimcher,et al.  Decisions, Decisions, Decisions Choosing a Biological Science of Choice , 2002, Neuron.

[6]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[7]  Douglas Cochran,et al.  Quantum networks: from quantum cryptography to quantum architecture , 2004, CCRV.

[8]  Yuan Zhang,et al.  AppIntent: analyzing sensitive data transmission in android for privacy leakage detection , 2013, CCS.

[9]  E. W. Piotrowski,et al.  Quantum English auctions , 2001 .

[10]  Qinghua Li,et al.  Achieving k-anonymity in privacy-aware location-based services , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[11]  Ma Lei Multiplayer quantum game with continuous-variable strategies , 2006 .

[12]  Christopher Krügel,et al.  PiOS: Detecting Privacy Leaks in iOS Applications , 2011, NDSS.

[13]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[14]  Hui Li,et al.  Continuous-Variable Quantum Games , 2002 .

[15]  Simon C. Benjamin,et al.  Multiplayer quantum games , 2001 .

[16]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[17]  Qian Zhang,et al.  A stochastic game for privacy preserving context sensing on mobile phone , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[18]  David P. DiVincenzo,et al.  Quantum information and computation , 2000, Nature.

[19]  J. Eisert,et al.  Quantum Games and Quantum Strategies , 1998, quant-ph/9806088.

[20]  Xin Chen,et al.  DroidJust: automated functionality-aware privacy leakage analysis for Android applications , 2015, WISEC.

[21]  R. Gilmore,et al.  Baker‐Campbell‐Hausdorff formulas , 1974 .

[22]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[23]  D. Meyer Quantum strategies , 1998, quant-ph/9804010.

[24]  Chao Zhang,et al.  L2P2: Location-aware location privacy protection for location-based services , 2012, 2012 Proceedings IEEE INFOCOM.

[25]  Byung-Gon Chun,et al.  TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones , 2014, Commun. ACM.