Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices

The ever-increasing number of third-party applications developed for Android devices has resulted in a growing interest in the secondary activities that these applications perform and how they affect a user’s privacy. Unfortunately, users continue to install these applications without any concrete knowledge of the breadth of these activities; hence, they have little insight into the sensitive information and resources accessed by these applications. In this paper, we explore users’ perceptions and reactions when presented with a visual analysis of Android applications’ activities and their security implications. This study uses interactive visual schemas to communicate the effect of applications’ activities in order to give users more understandable information about the risks they face from such applications. Through findings from a user-based experiment, we demonstrate that when visual diagrams of application activities are presented to users, they become more aware of and sensitive to the privacy intrusiveness of certain applications. This awareness and sensitivity stem from the fact that some of these applications were accessing a significant number of resources and sensitive information, and transferring data out of the devices, even when they arguably had little reason to do so.
